Posts by kevinreddot@ioc.exchange
 (DIR) Post #AS2i1LG9Q1YO6l3J6e by kevinreddot@ioc.exchange
       2023-01-26T03:17:28Z
       
       1 likes, 1 repeats
       
       LOL.
       
 (DIR) Post #ASd2D2KBlWQAlx6ERU by kevinreddot@ioc.exchange
       2023-02-13T06:40:04Z
       
       0 likes, 0 repeats
       
       @lamp it's not a problem of IPv6, it's a problem of your ISP or your choice of the ISP plan. If you want to host services, obviously, you ought to have stable addresses.
       
 (DIR) Post #ATvrVum4HUGBVlzRmC by kevinreddot@ioc.exchange
       2023-03-24T06:29:29Z
       
       0 likes, 0 repeats
       
       @mjg59 there is SSHFP DNS record type that could work too, if DNSSEC was not in such sad state.
       
 (DIR) Post #ATvzIgb0U4TzPH1G8e by kevinreddot@ioc.exchange
       2023-03-24T07:57:59Z
       
       0 likes, 0 repeats
       
       @mjg59 it does not AFAIK. Would be great though.
       
 (DIR) Post #AzwHwZLvlJeFlQPCbY by kevinreddot@ioc.exchange
       2025-11-05T15:15:09Z
       
       0 likes, 0 repeats
       
       @cryptgoat platform-bound passkeys are an equivalent of OIDC-based “platform login” (like “login with Apple” or “login with Google”) for almost all practical purposes. They are even worse, because if an account is compromised and later recovered, the OIDC-based login remains secure, whereas stored passkeys are gone for good.This explains why platforms are so interested in supporting passkeys and in the same time are so disinterested in allowing secure cross-platform migration. Passkeys are the way to bound users to the platform, not to provide security.I think for corp IdP security teams will have to insist on using attested keys. I am also to sure, if resident keys are any better then non-resident keys.