Turn the web into one big social network with client side ssl certs

[ericbets]

Enable Client Side SSL Certificates, help get rid of passwords and oidc on the web once and for all.

For example, when the browser navigates to a site a popup gives the user a choice of which per site keypair to login with, if one is not marked as default. Or no keypair / a new keypair. Because a user might have multiple keypairs for the same site, eg their business account, personal account. This would be quite disruptive to the web, and it would make pulse browser the browser of the future.

[mjerem34]

What about anonymity?

[ericbets]

There could be an option to login with no client key, which is the de facto standard today. That could be a good signal to wipe the cookies as well.

[trickypr]

Do you mean something like the Web Authentication API? This should already work out of the box (I managed to get it working with this demo), however it requires a hardware key to work.

[ericbets]

I might be wrong on this but I would prefer per site software keys because then it's not a global hardware key pair which to me has real privacy implications for cross site tracking and so on.

[trickypr]

A key pair is only ever allowed for one domains. A "hardware key" was the wrong term for me to use. "Hardware authenticator" would probably be more correct. These are things that can store key-pairs that are encrypted at rest, for example TPMs in desktops or Secure Enclave (Apple's T2, M*, A*). You can change the keys they store, but it is hard to break into them without having access to the auth method (like fingerprint, face or pin).

There is a great talk on the usage of WebAuth: https://www.youtube.com/watch?v=MesXuMg0WKo

[ericbets]

Yeah that definitely sounds better. For me the appeal is largely server side, it would simplify so much to do with authentication and authorization for web apps.

There is a great talk on the usage of WebAuth: https://www.youtube.com/watch?v=MesXuMg0WKo

Thanks! I'll check it out.