zlacker

[return to "A Tour of WebAuthn"]
1. lapcat+Vr[view] [source] 2024-12-26 23:00:42
>>caust1+(OP)
> A passkey is a synced, discoverable WebAuthn credential.

This is my fundamental problem with passkeys: I don't want to use any syncing service.

To be clear, I don't want to deprive other people of the ability to sync their credentials; I simply want to opt out myself. I just want to be able to manually back up and restore my credentials, like I've always done with passwords, but the passkey vendors seem to want to refuse to give anyone this ability. The vendors claim that this is to make phishing impossible, but I abhor paternalism in all forms, and also it's suspicious that this paternalism forces people to use the syncing systems of the passkey vendors, which are usually paid subscriptions. So passkeys become an endless supply of money for the vendors.

It's very telling that passkeys were designed and shipped without any export/import mechanism. You can plainly see the priority of the passkey vendors, which is to lock you in. Allegedly, export/import is coming sometime in the future, but I strongly suspect that they'll end up with some kind of "approved provider" system so that the big passkey vendors can retain absolute control and avoid giving power to the users.

◧◩
2. somat+D61[view] [source] 2024-12-27 09:46:14
>>lapcat+Vr
I was messing with implementing webauthn the other day, mainly because I like public key authentication. I was hoping for something sort of like ssh keys. and they were close, so close, to having something good that could replace password auth. and then they break it by requiring a hardware token, Yes, a hardware token is better, but I am not going to require users get a hardware token. there are working software token systems built into the browser but they are gated behind dev tools, again something I am not going to ask of users. and just to spit in whatever goodwill they have left, to make it really unusable, there is this weird mandated "no user interface" policy in the standard. making near impossible to manage keys. The keys are critical in a public key auth system. but "no, we are disallowed, by the standard, to give you an easy mechanism to back up and restore keys"

If I were more conspiracy minded, I would suspect some sort of agent provocateur ruining our standards. However, I am unable to come up with a profit motive, so my only conclusion is incompetence.

◧◩◪
3. former+pf1[view] [source] 2024-12-27 12:22:05
>>somat+D61
You used to be able to generate X.509 client authentication certificates (well technically CSR) right in the browser with the since removed <keygen> tag. Ergonomics weren’t that bad, until a user forgot they had a certificate on their broken PC.
◧◩◪◨
4. lxgr+mw1[view] [source] 2024-12-27 15:08:23
>>former+pf1
As somebody that used to use them for a while: The ergonomics of TLS client authentication in the browser were abysmal. And that's to say nothing about the privacy consequences.
◧◩◪◨⬒
5. former+zG1[view] [source] 2024-12-27 16:05:36
>>lxgr+mw1
iirc managing them was buried super-deep in the browser settings (just like managing resident keys, browsers don’t even do that), but enrollment was fairly simple from a user PoV - submit a form and the server sent back the certificate, iirc you had to confirm a scarily worded dialog (or maybe import it manually? Not sure). Login was smooth if I remember it - just a pop-up if you want to use the installed certificate. Privacy should be fine with TLS 1.3 but would’ve been nonexistent with the contemporary SSL/TLS versions of course.
◧◩◪◨⬒⬓
6. lxgr+fN1[view] [source] 2024-12-27 16:49:35
>>former+zG1
> Login was smooth if I remember it

That's unfortunately not how it works. TLS sits at the transport layer, so it's not possible for a website to use these certificates for a "login-like flow". The site doesn't get to present to the user why and to whom they are authenticating, since transport layer authentication has to happen before HTTP even gets a single request in.

There is also no "logout" button. It shares these UX problem with HTTP "basic authentication" (even though that's technically an application layer protocol).

On top of that, TLS is these days often terminated by a load balance or even a completely separate entity like Cloudflare. Not sure if you can configure these to request client certificates at all; even if you can, it makes things pretty awkward if you want to have closer control of the authentication flow.

> Privacy should be fine with TLS 1.3

It's not fine at all. Any HTTP server can request your client certificate, and most users would probably not think twice before clicking "authenticate", which then reveals their long-time stable certificate and public key to a potentially malicious server.

Compare that with WebAuthN, which makes it intentionally impossible to accidentally present the certificate for a.com at b.com.

[go to top]