Guide to Web

An introduction to Web Authentication (), the new API that can replace passwords with strong authentication.

Supported by most major web browsers safe 1, whose vendor claims support will follow shortly.

@aeveltstra Ugh, browsers already have public key crypto auth that doesn't force you to enable javascript. Why does the W3C force everyone to run fucking javascript!? :blobugh:

@phryk which auth mechanism are you speaking of?

@phryk @dvn Maybe it's because TLS client certs don't work on http 2?

@phryk I remember the old thread on the HTTPbis Mailing List:
"Neither [Internet Draft] was adopted, here or at TLS, so currently HTTP/2 is not usable with mutual authentication."

But I did re-check it now, when the specs are final and it seems that http/2 can indeed support client certificates as long as they're over brand new connection:

I'll check it out in nginx but on paper it seems to work - terribly sorry for the confusion!

@wiktor No problem, thanks for going the extra mile and clearing it up. :)

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!