Whilst I strongly support Client Authentication use-cases, I think framing
it in terms of getting rid of the password is unhelpful.
Removing the password and just using a single key stored as a file makes
the implicit assumption that everyone always has a secure physical
environment.
This is not t
+1 for FIDO
Regards,
Uri
> On May 24, 2022, at 01:11, Tim Cappalli
> wrote:
>
>
> You mentioned FIDO, but I didn't see a reason why you don't want to use it.
> The industry has largely accepted the mature FIDO standards stack (WebAuthn &
> CTAP) as the strong authentication method that rep
