This is interesting , to use cross device there needs to be a vault of some kind to share btw browser would it make sense to have a recommendation for that also , so it would be standardized ?
One approach is to issue one certificate per device per subject. The subject identifier could remain the same. If this approach is taken, revocation checking is critical -- you end up having a bunch of certificates that all claim to be the same subject, so you need to make sure any presented certificate is valid. However, while revocation checking is often problematic for clients, some of those issues are more easily managed on a sessile server.