undefined | Better HN

0 pointsAgentME2y ago0 comments

I don't understand this criticism. What is being controlled? Passkeys are an open standard that a browser can implement with public key crypto.

0 comments

ndriscoll2y ago

Doesn't passkeys give the service a signature to prove what type of hardware device you're using? e.g. it provides a way for the server to check whether you are using a software implementation? It's not really open if it essentially has type of DRM built in.

LoganDark2y ago

You're thinking of hardware-backed attestation, which provides a hardware root of trust. I believe passkeys are just challenge-response (using public key cryptography). You could probably add some sort of root of trust (for example, have the public key signed by the HSM that generated it) but that would be entirely additional to the passkey itself.

pabs32y ago

Passkeys do have the option of attestation, but the way Apple at least do them means Apple users won't have attestation, so most services won't require attestation.

j / k navigate · click thread line to collapse

0 comments

ndriscoll2y ago

LoganDark2y ago

pabs32y ago

Passkeys do have the option of attestation, but the way Apple at least do them means Apple users won't have attestation, so most services won't require attestation.

j / k navigate · click thread line to collapse