arnarbi | 6 months ago
That is effectively what Token Binding does. That was unfortunately difficult to deploy because the auth stack can be far removed from TLS termination, providing consistency on the client side to avoid frequent sign-outs was very difficult, and (benign) client-side TLS proxies are a fairly common thing.
Some more on this in the explainer: https://github.com/w3c/webappsec-dbsc#what-makes-device-boun...