> Passkeys ARE self-signed certs. So they took something that works well and created a bad UX a...

goku12 • today at 8:46 AM • 3 replies • view on HN

> Passkeys ARE self-signed certs.

So they took something that works well and created a bad UX around it, while ignoring the working, yet languishing UI/UX that was already around?

Replies

lxgr • today at 10:22 AM

You can't be seriously claiming that self-signed PEM certificates were working well. I've been using them for years in various contexts, and they're an absolute nightmare.

Despite all their faults, for the average user, Passkeys are still miles ahead of GnuPG card, PIV, PKCS#15 etc.

➕ show 1 reply

lxgr • today at 10:22 AM

You can't be seriously claiming that self-signed PEM certificates were working well. I've been using them for years in various contexts, and they're an absolute nightmare.

Despite all their faults, for the average user, Passkeys are still leagues ahead of GnuPG card, PIV, PKCS#15 etc.

cyberax • today at 9:10 AM

Self-signed certificates are in the 'barely working' state. They operate on a wrong protocol level, and they can't be provisioned by the website itself.

If you try to describe how you _want_ the TLS client certificate UI to work, you'll end up with passkeys.

➕ show 2 replies

alt Hacker News

Replies