[_pzht]

The demo website and the github repo contain this information. It would be helpful, if people actually created a key pair and tried to use it and misuse it before being critical.

It's not meant for federation, single-sign on (which is single compromise IMPO) or anything that is commonly discussed in the security community. It's foreign to most (I understand that), and I just wanted to share it and start a discussion.

[md_]

I read the github readme. It doesn't explain the problem or threat model in any detail.

My comment has nothing to do with federation or SSO, so I'm not sure why you mentioned those?

[_pzht]

Because it was in reply to my earlier comment saying this is not SSO. People seem to think these signatures can be used on multiple websites (sign in with Google like functionality). That's not the case.

These signatures are meant to be used to authenticate to a website. If multiple websites implement this idea, then end users should have multiple key pairs (one for each site). So there would be no way a signature for one site could be misused or abused on another.

I believe the github site and the demo website do describe the problem and goals. Webauthn is too complex. Passwords are bad. Hashes are dumped from databases and cracked. Passwords are stuffed, etc. The complexity of webauthn is not the answer.

In this scheme, the website only knows its users' public Ed25519 keys. These keys are harmless and it does not matter if they are stolen (they cannot be used to cause any harm).

The users are in full control of the keys. There is no CA signing TLS certs, etc. The web service and its users are in full control of the process and they are using open-source software. Full transparency that is easily understood by all parties.

Also, there is no identifying information in an Ed25519 key. One goal I have is user anonymity. This scheme allows for that too. No email, phone, etc. Just a public Ed25519 key fully controlled by its end user.

[Zamicol]

Are you the author? If so I would love to talk with you more about your vision and goals.

I personally would like reusable keys, and I agree namespace or some other mechanism is needed.

I generally prefer to link my identity among websites and I'm generally not concerned about anonymity or privacy. "A key for each website" is nearly worthless to me.

The ability of others to spoof my identity because a website uses passwords, and most websites provide little to no logging, let alone a standardization, infuriates me. That is a outsized use case I see little attention given to.

If I tweet, users are forced to trust Twitter's authentication system that I tweeted. I don't trust Twitter's authentication systems.

Public key authentication permits third parties to verify my actions without the need to trust system authentication systems.

[dcow]

I too am interested in the small slice of the problem that is replacing passwords with something asymmetric. The rest is kinda out of scope IMO. OPAKE is cool but definitely not less complicated than WebAuthn and doesn't do anything related to solving phishing and tracking etc. either. Keys seem like a natural solution. WebAuthn is actually really good but browsers don’t yield enough control for people to use it in a portable identity style, which I also agree isn't the devil.

[md_]

WebAuthn is "too complex" the way a catalytic convert is "too complex." If you don't know what it's for, it certainly seems like you can remove it with no downsides. ;)

> Because it was in reply to my earlier comment saying this is not SSO.

The person you were replying to was also not talking about SSO, which makes me think you don't understand that (valid, and fundamental) criticism of your proposal. :-/

> Webauthn is too complex.

Which functionality would you remove, and what tradeoffs does that get you?

> Passwords are bad. Hashes are dumped from databases and cracked.

Surely it's easier for an IdP to use scrypt with some meaningful salt than to implement this fully novel and unsupported scheme.

> Passwords are stuffed, etc.

These seem like problems that affect password reuse. According to your design, users should just know better than to reuse keys, so...why not just know better than to reuse passwords?

> There is no CA signing TLS certs, etc.

So why not use self-signed X509 client certs instead? This is actually a thing browsers actually support.

> The web service and its users are in full control of the process and they are using open-source software.

This is a category error. We were discussing a protocol. If you think your specific implementation of that protocol is better than all the open source implementations of FIDO+WebAuthn, X509 client certs, PAKE, etc...well, you're probably wrong. :)

> One goal I have is user anonymity.

You have not explained how your system is more anonymous than the existing, well-defined, standards-compliant alternatives.

Edit: Just to be clear about the tone of my feedback: my intention is to help you understand the context in which you are making your proposal and, ideally, understand the design tradeoffs existing systems have made. I know it's easy to become attached to an idea and take criticism like a personal attack. I hope you can take this constructively.

[dcow]

Your tone is overly dismissive. If you want to be constructive then have a constructive conversation and not a dismissive knee jerk reaction. Your comment reads like “I haven’t read a standard for this or bothered to really take a look and it’s new therefore it’s fundamentally bad and insecure and not worth my time”. This repo is simply proposing using signed timestamps for auth. It would be nice to keep the discussion on that topic and it’s merits. Personally I think webauthn is not too complex and just needs to not be locked up in browser land so we can have a real softkey impl so we probably actually agree on our general outlook. You’re just kind a being a security diva about the whole thing and it’s not really fair to the author.

[md_]

Which part was knee jerk? I read everything on the (minimal) webpage. It doesn’t explain anything of substance, nor does it anticipate the (obvious) issues other commenters here noted. It’s like the author just proposed to remove everything they didn’t understand from Webauthn and was left with this.

Honestly, this discussion isn’t worth the time.

As for software webauthn keys:

- What do you mean “locked up in browser land?” You can use FIDO elsewhere (e.g. ssh https://ubuntu.com/blog/enhanced-ssh-and-fido-authentication...).

- Softkeys are available—in fact, iOS, Android, MacOS, and Windows 11 all do webauthn by default, without the need for a hardware token.

[dcow]

And what’s left is essentially wireguard for logins. People love wireguard for its simplicity because it doesn’t use certs and PAKEs and whatnot. Yeah there are valid criticisms and I’ve critiqued the work as well in other comments. But the “this is utter shit how could anyone imagine this is a valid idea” is not productive.

> Honestly, this discussion isn’t worth the time.

That’s my point. If it’s not worth your time then let others who are interested discuss rather than just pissing all over the author’s project.

> - Softkeys are available—in fact, iOS, Android, MacOS, and Windows 11 all do webauthn by default, without the need for a hardware token.

That’s not soft keys it’s “platform authenticator”.

When I say softkeys I mean keys managed by a user agent such that they can be portable, like is common with ssh. SSH is popular because it’s gives users the freedom to easily elect their security posture: do they want a user key that can be deployed to different devices or are they super paranoid and want a device key. Do they want a software agent to manage soft keys for them and it can handle the device security and hardware crypto engine support. Not your concern, not the protocols concern, not the services concern: it’s the user’s concern.

Wireguard has soft keys, too.

WebAuthn’s crowd and browser implementers on the other hand seem fixated on making sure users never have the option to deploy the protocol in such a way. That’s the problem.