WebAuthn Level 3 Draft

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • SonarLint - Clean code begins in your IDE with SonarLint
  • Zigi - The context switching struggle is real
  • InfluxDB - Build time-series-based applications quickly and at scale.
  • Scout APM - Truly a developer’s best friend
  • webauthn

    Web Authentication: An API for accessing Public Key Credentials

    Clicking through to the most recent (September 2022) draft, we can see it talks about needing an "Attestation CA"[0], saying:

    > In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK). This key is used to securely communicate with a trusted third party, the Attestation CA

    Basically what they're trying to create is DRM for human identity, where you will only be allowed to access certain websites if you own a specific device which is approved by your government in order to verify your age / legal ID number / biometrics.

    Putting this capability in the spec is a very dangerous idea as it will be abused by sites, if not of their own volition, then once pressured to by governments as soon as they realise the power it gives them.

    [0] https://w3c.github.io/webauthn/#attestation-ca

  • SonarLint

    Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts