Follow

Guide to Web

An introduction to Web Authentication (), the new API that can replace passwords with strong authentication.

webauthn.guide/

Supported by most major web browsers safe 1, whose vendor claims support will follow shortly.

@aeveltstra Ugh, browsers already have public key crypto auth that doesn't force you to enable javascript. Why does the W3C force everyone to run fucking javascript!? :blobugh:

@phryk which auth mechanism are you speaking of?

@phryk @dvn Maybe it's because TLS client certs don't work on http 2?

@phryk I remember the old thread on the HTTPbis Mailing List:
"Neither [Internet Draft] was adopted, here or at TLS, so currently HTTP/2 is not usable with mutual authentication."
mailarchive.ietf.org/arch/msg/

But I did re-check it now, when the specs are final and it seems that http/2 can indeed support client certificates as long as they're over brand new connection: tools.ietf.org/html/rfc7540#se

I'll check it out in nginx but on paper it seems to work - terribly sorry for the confusion!

@wiktor No problem, thanks for going the extra mile and clearing it up. :)

Sign in to participate in the conversation
Mastodon

Invite-only Mastodon server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!