Post AVmrUhLi5FVB27BRdA by khoji@ieji.de
 (DIR) More posts by khoji@ieji.de
 (DIR) Post #AVmrUfQFFPwP3bI2QC by nelson@tech.lgbt
       2023-05-18T16:38:48Z
       
       0 likes, 0 repeats
       
       No one in the tech world seems to understand passkeys. How the product as a whole works, how they fit into authentication and identity on the Internet.There's a real need for a clear overview article about passkeys in a big picture sense. I'm surprised one doesn't exist yet.
       
 (DIR) Post #AVmrUgPDaiiK6hojSa by timbray@cosocial.ca
       2023-05-18T16:48:32Z
       
       0 likes, 0 repeats
       
       @nelson What you said. ⬆️ Passkeys are opaque to me.I understand the basics of OAuth and PKI and asymmetric crypto and JWT and so on, and there ought to be an explanation of what exactly is going on that I can parse. I claim to be good at explaining tech subjects to civilians (explaining OIDC used to be my party trick) but I wouldn’t know where to start.
       
 (DIR) Post #AVmrUgqrvupdUSkoYi by nelson@tech.lgbt
       2023-05-18T17:31:23Z
       
       0 likes, 0 repeats
       
       Well this observation hit a nerve. I wrote a longer form blog post on what I mean, mostly as a series of product questions. https://www.somebits.com/weblog/tech/what-are-passkeys.html
       
 (DIR) Post #AVmrUhLi5FVB27BRdA by khoji@ieji.de
       2023-05-18T18:03:24Z
       
       0 likes, 0 repeats
       
       @timbray @nelson And possibly a comparison with SQRL, the alternative solution that didn’t get adopted:https://www.grc.com/sqrl/sqrl.htmI don’t understand it well enough to say whether it is actually superior, but many who,use it swear by it.
       
 (DIR) Post #AVmrUi7ZDJmbQXZfE0 by nelson@tech.lgbt
       2023-05-18T17:32:28Z
       
       0 likes, 0 repeats
       
       I'll note replies to my Mastodon post so far are 50% tech folks saying "it's just public key crypto it's simple" and 50% folks with some product experience saying "you're right, I'm confused too".