The thing is, if you want to use SSH with a secure element, suddenly you're using FIDO2, right? OpenSSH already supports it.
And WebAuthn is using FIDO2, it's not that different, it's just that WebAuthn adds some stuff like a relying party.
The thing is, if you want to use SSH with a secure element, suddenly you're using FIDO2, right? OpenSSH already supports it.
And WebAuthn is using FIDO2, it's not that different, it's just that WebAuthn adds some stuff like a relying party.
It's the stuff it adds that most people object to.
It feels more like people object for the sake of objecting. I often have this feeling: people first don't care (about security, about renewable energy, ...), and the moment they start caring, there is a high risk that they will just object to everything, sometimes without good reasons.
Sure, we are being abused by TooBigTech and surveillance capitalism. It doesn't mean that all security is bad. Security is a compromise. Yet many people go "this added security comes from a governement/TooBigTech so it proves that it is a lie". Which is wrong: it doesn't prove it. Sometimes there are good things coming from governments/TooBigTech.
The world is more nuanced than people seem to realise.