You can't be seriously claiming that self-signed PEM certificates were working well. I've been using them for years in various contexts, and they're an absolute nightmare.
Despite all their faults, for the average user, Passkeys are still miles ahead of GnuPG card, PIV, PKCS#15 etc.
You can't be seriously claiming that self-signed PEM certificates were working well. I've been using them for years in various contexts, and they're an absolute nightmare.
Despite all their faults, for the average user, Passkeys are still leagues ahead of GnuPG card, PIV, PKCS#15 etc.
Self-signed certificates are in the 'barely working' state. They operate on a wrong protocol level, and they can't be provisioned by the website itself.
If you try to describe how you _want_ the TLS client certificate UI to work, you'll end up with passkeys.
goku12|2 days ago
So they took something that works well and created a bad UX around it, while ignoring the working, yet languishing UI/UX that was already around?
lxgr|1 day ago
Despite all their faults, for the average user, Passkeys are still miles ahead of GnuPG card, PIV, PKCS#15 etc.
lxgr|1 day ago
Despite all their faults, for the average user, Passkeys are still leagues ahead of GnuPG card, PIV, PKCS#15 etc.
cyberax|2 days ago
If you try to describe how you _want_ the TLS client certificate UI to work, you'll end up with passkeys.