On 4/27/20 7:34 PM, Russ Allbery wrote: > Thomas Goirand <z...@debian.org> writes: > >> Except that SQRL has no password involved, just crypto. > >> Since you are too lazy to read on, let me do a tl;dr. Simply put, the >> client holds a private key. From that private key, a new one is derived >> doing a HMAC of that key with the domain, meaning a client has a unique >> public/private keypair for each site. Then the site only holds the >> public key, and the client auth using his private key (again, unique to >> each site), presented a one time challenge. > > Thanks for the explanation! > > Why would we do this and not just use TLS (or X.509 more generally), which > has essentially the same properties and for which implementations are far > more widely available? What you describe is basically equivalent to how > Webauthn works except that Webauthn uses X.509 certs, for which there are > numerous well-tested and audited implementations.
We just had chat on #debian-devel. It looks like Webauthn is similar, yes. I'd be nice too. Thomas Goirand (zigo)