by woodruffw 1576 days ago
Yep, what you've described is pretty close to the scheme in WebAuthn. The main additions in WebAuthn are for protocol-level security: there's an attestation nonce, a shared counter, and some other fiddly bits to make it harder/impossible to misuse.