Using the TPM for this feels _way_ over-engineered for what its trying to accomplish. Also, just tinkering with webauthn; it feels slow on the client side - which is fine if you're authenticating, but murder if you're signing something with it every time you send a cookie. I'm overthinking this maybe?
Using the TPM for this feels _way_ over-engineered for what its trying to accomplish. Also, just tinkering with webauthn; it feels slow on the client side - which is fine if you're authenticating, but murder if you're signing something with it every time you send a cookie. I'm overthinking this maybe?