WebAuthn Level 3 Draft

• webauthn

  33 1,094 8.9 HTML

  Web Authentication: An API for accessing Public Key Credentials

  

Clicking through to the most recent (September 2022) draft, we can see it talks about needing an "Attestation CA"[0], saying:

> In this case, an authenticator is based on a Trusted Platform Module (TPM) and holds an authenticator-specific "endorsement key" (EK). This key is used to securely communicate with a trusted third party, the Attestation CA

Basically what they're trying to create is DRM for human identity, where you will only be allowed to access certain websites if you own a specific device which is approved by your government in order to verify your age / legal ID number / biometrics.

Putting this capability in the spec is a very dangerous idea as it will be abused by sites, if not of their own volition, then once pressured to by governments as soon as they realise the power it gives them.

[0] https://w3c.github.io/webauthn/#attestation-ca

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

Suggest a related project