<![CDATA[Passkeys are just sparkling TLS client certs]]>Passkeys are just sparkling TLS client certs

]]>https://board.circlewithadot.net/topic/0a52f06a-6cd1-4308-b84d-b45ac843e084/passkeys-are-just-sparkling-tls-client-certsRSS for NodeFri, 15 May 2026 08:29:18 GMTSun, 26 Apr 2026 00:04:06 GMT60<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Mon, 27 Apr 2026 10:39:56 GMT]]>@isithran @xssfox not quite, they can be synced^ and transferred*

]]>https://board.circlewithadot.net/post/https://cloudisland.nz/users/yaakov/statuses/116476241304862308https://board.circlewithadot.net/post/https://cloudisland.nz/users/yaakov/statuses/116476241304862308Mon, 27 Apr 2026 10:39:56 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Mon, 27 Apr 2026 10:21:21 GMT]]>@yaakov @xssfox this, with the notable limitation that private keys are now device bound 😿]]>https://board.circlewithadot.net/post/https://social.lkw.tf/objects/697d94f6-1069-ef38-a172-cf5357956005https://board.circlewithadot.net/post/https://social.lkw.tf/objects/697d94f6-1069-ef38-a172-cf5357956005Mon, 27 Apr 2026 10:21:21 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Mon, 27 Apr 2026 08:50:17 GMT]]>@xssfox : no they're not.

IIRC client certs are bound to the TLS channel, while passkeys are bound to the domain name.

Passkeys do not protect against DNS domain takeovers or BGP hijacks (where a malicious website hijacks the domain name and obtains a valid https website certificate).

OTOH if your browser has a TLS connection to a MitM proxy such as Cloudflare or Fastly, you're dead in the water anyway.

]]>https://board.circlewithadot.net/post/https://todon.nl/users/ErikvanStraten/statuses/116475810140144254https://board.circlewithadot.net/post/https://todon.nl/users/ErikvanStraten/statuses/116475810140144254Mon, 27 Apr 2026 08:50:17 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Mon, 27 Apr 2026 07:07:33 GMT]]>@jpm @xssfox Lotus Notes is usable? That's not what I remember

]]>https://board.circlewithadot.net/post/https://mastodon.radio/users/EI3JDB/statuses/116475406181631972https://board.circlewithadot.net/post/https://mastodon.radio/users/EI3JDB/statuses/116475406181631972Mon, 27 Apr 2026 07:07:33 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Mon, 27 Apr 2026 05:35:09 GMT]]>@xssfox at least there's no PKI attached to them (I THINK?????????)]]>https://board.circlewithadot.net/post/https://pleroma.envs.net/objects/ca0e3c21-b559-4aa3-be8c-1b0931472dedhttps://board.circlewithadot.net/post/https://pleroma.envs.net/objects/ca0e3c21-b559-4aa3-be8c-1b0931472dedMon, 27 Apr 2026 05:35:09 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Mon, 27 Apr 2026 03:51:21 GMT]]>I love how this annoys or clicks with people in different ways

]]>https://board.circlewithadot.net/post/https://cloudisland.nz/users/xssfox/statuses/116474634670299412https://board.circlewithadot.net/post/https://cloudisland.nz/users/xssfox/statuses/116474634670299412Mon, 27 Apr 2026 03:51:21 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Mon, 27 Apr 2026 03:47:18 GMT]]>@xssfox shutup shut up SHUT UP SHUT

/lh

]]>https://board.circlewithadot.net/post/https://furry.engineer/users/AVincentInSpace/statuses/116474618740398636https://board.circlewithadot.net/post/https://furry.engineer/users/AVincentInSpace/statuses/116474618740398636Mon, 27 Apr 2026 03:47:18 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Sun, 26 Apr 2026 23:22:59 GMT]]>@xssfox worse, since their cryptographic auth is one-time, exchanged for a long-lived stealable cookie

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/rileywd/statuses/116473579380878236https://board.circlewithadot.net/post/https://mastodon.social/users/rileywd/statuses/116473579380878236Sun, 26 Apr 2026 23:22:59 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Sun, 26 Apr 2026 10:15:20 GMT]]>@xssfox I thought sparkling Smart Cards

]]>https://board.circlewithadot.net/post/https://cloudisland.nz/users/yaakov/statuses/116470482235759814https://board.circlewithadot.net/post/https://cloudisland.nz/users/yaakov/statuses/116470482235759814Sun, 26 Apr 2026 10:15:20 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Sun, 26 Apr 2026 00:41:59 GMT]]>@xssfox With landlords

]]>https://board.circlewithadot.net/post/https://chitter.xyz/users/faoluin/statuses/116468227705354345https://board.circlewithadot.net/post/https://chitter.xyz/users/faoluin/statuses/116468227705354345Sun, 26 Apr 2026 00:41:59 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Sun, 26 Apr 2026 00:12:36 GMT]]>@xssfox with TOFU

]]>https://board.circlewithadot.net/post/https://tacobelllabs.net/users/arrjay/statuses/116468112217830279https://board.circlewithadot.net/post/https://tacobelllabs.net/users/arrjay/statuses/116468112217830279Sun, 26 Apr 2026 00:12:36 GMT<![CDATA[Reply to Passkeys are just sparkling TLS client certs on Sun, 26 Apr 2026 00:05:05 GMT]]>@xssfox with vendor-lockin

]]>https://board.circlewithadot.net/post/https://chaos.social/users/fogti/statuses/116468082634201490https://board.circlewithadot.net/post/https://chaos.social/users/fogti/statuses/116468082634201490Sun, 26 Apr 2026 00:05:05 GMT