|
|
|
|
|
|
by shivak
2854 days ago
|
|
|
I think that’s mitigated by the physical button one has to press every time something is signed. I’m not sure if the restriction to authentication has substantially simplified the WebAuthn API. The restriction is caused by a speed optimization, not design simplification. If the actual payload was sent to the authenticator, rather than just its hash due to bandwidth limitations, then it seems like the API could be used for signing messages, not just authentication. I do agree that the user interfaces surrounding the APIs will be simpler due to the focus on authentication. |
|
|