by baybal2 1861 days ago
It's fairer to say it's going sideways, not forward with them.

FIDO is not a replacement for smartcards, nor a complement to smartcards. FIDO is a "just better than passwords" level of authentication.

The gold standard for HTTPS security, two-sided mutual auth with public keys at the TLS level for example, is only there with smartcards.

1 comments

Doing mutual auth is great security but it has a horrible privacy story. Advertisers would, I'm sure, love knowing that this visitor to PornHub's custard pie fight section is the exact same person who bought the book "In Praise of the Klan" on Amazon and the one who bought take-out from a Chinese in Denver last Thursday. The clever thing about, say, WebAuthn is that you get an excellent privacy story to go with your security. Even if PornHub, Amazon and that Chinese place all conspire against you, with the advertisers, they don't end up learning if you're the same person even though you used the same Security Key all over the place.
Please. We prefer it be called the Hoboken squat cobbler.
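
The linkability difference described in the reply above, as an added sketch that is not part of the thread or any poster's code: one key presented to every server (TLS client-certificate style) versus a separate key pair per site (WebAuthn style), with colluding sites joining their logs on the key identifier they see. The site names and helper names are constructed, and only the key material is modelled, not the real TLS or WebAuthn message formats.

```javascript
const nodeCrypto = require('crypto');

const SITES = ['video.example', 'books.example', 'takeout.example']; // constructed names

const newKey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
// Stable identifier a server can derive from any public key it is shown.
const keyId = (pub) => nodeCrypto.createHash('sha256')
  .update(pub.export({ type: 'spki', format: 'der' })).digest('hex');

// TLS mutual auth model: the same certificate key goes to every server.
function clientCertUser() {
  const key = newKey();
  return { keyFor: () => key };
}

// WebAuthn-style model: the authenticator creates a separate key pair per site.
function securityKeyUser() {
  const perSite = new Map();
  return {
    keyFor(site) {
      if (!perSite.has(site)) perSite.set(site, newKey());
      return perSite.get(site);
    },
  };
}

// Each site verifies a signed challenge against the key it holds, then logs the key ID.
function visitAll(user) {
  return SITES.map((site) => {
    const { publicKey, privateKey } = user.keyFor(site);
    const challenge = nodeCrypto.randomBytes(32);
    const sig = nodeCrypto.sign('sha256', challenge, privateKey);
    const ok = nodeCrypto.verify('sha256', challenge, publicKey, sig);
    return { site, ok, id: keyId(publicKey) };
  });
}

// Colluding sites pool their logs and group visits by key ID.
function linkedSites(log) {
  const byId = new Map();
  for (const { site, id } of log) byId.set(id, [...(byId.get(id) || []), site]);
  return [...byId.values()].filter((sites) => sites.length > 1);
}

console.log('client cert  :', linkedSites(visitAll(clientCertUser())));
console.log('per-site keys:', linkedSites(visitAll(securityKeyUser())));
```

Both models authenticate successfully at every site; only the single-key model leaves the pooled logs with a group that spans all three.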