A thing I just saw on the orange site: "WebAuthn seems to be designed by big businesses to take control of the authentication ecosystem."

Replying to @reaperhulk @tqbf
Why do you find this argument ridiculous? This is what happened with OAuth.
2 replies 0 retweets 1 like -
Replying to @Pinboard @reaperhulk
I’m slow today because flu, but: it looks to me like everyone does OAuth and nobody has trouble implementing it; I think it’s actually TOO EASY to do OAuth.
1 reply 0 retweets 2 likes -
(I spent a fair bit of time this year carefully auditing OAuth implementations that didn’t need to exist)
1 reply 0 retweets 2 likes -
Replying to @tqbf @reaperhulk
My minor point is that monopoly tech companies have been trying to centralize login for a very long time, so it's natural to approach new login methods with skepticism. I don't think WebAuthn is a ruse, but I don't think ridiculing people for deep distrust is warranted, either.
3 replies 0 retweets 6 likes -
My primary issue with this comment is that it (at best) misunderstands the WebAuthn specification to require hardware tokens (it does not) and then makes an assertion of bad faith based upon that misunderstanding.
1 reply 0 retweets 2 likes -
Replying to @reaperhulk @tqbf
When it comes to potentially privacy-harvesting technologies like WebAuthn, I think it is defensible to assume bad faith until proven otherwise. This makes a lot of people who work at the large companies and have pure intentions angry, but it is warranted by past conduct.
1 reply 0 retweets 1 like
I say this as a big fan of the spec, friend to all who worked on it, wear a hat made out of security keys etc.