top | item 17032675

(no title)

emlun | 7 years ago

I think you misunderstand how WebAuthn works - there's no "root credential". See my other reply https://news.ycombinator.com/item?id=17032637

No third party issues tokens in WebAuthn either - you have your one or a couple of authenticators you use everywhere, and those authenticators create their credential keypairs locally on the device (and a separate keypair is created for each site - they're not shared between sites).

discuss

No comments yet.