Using the TPM for this feels _way_ over-engineered for what its trying to accomplish. Also, just tinkering with webauthn; it feels slow on the client side - which is fine if you're authenticating, but murder if you're signing something with it every time you send a cookie. I'm overthinking this maybe?
1 comment
[ 4.5 ms ] story [ 12.0 ms ] thread