this post was submitted on 22 Dec 2025
76 points (90.4% liked)

[–] majster@lemmy.zip 3 points 9 hours ago (1 children)

Client side TLS certs are basically the same stuff and it works nicely. Too bad they didn't improve on that. My guess is that the big boys want to handle it at application layer.

[–] Appoxo@lemmy.dbzer0.com 5 points 9 hours ago (1 children)

To me they seem:
A) More user friendly
B) Abstract away the burden of keeping the mTLS synchronized across devices
C) Can be used in hardware and software.

Feel free to correct me if my assumptions are wrong.

[–] majster@lemmy.zip 2 points 8 hours ago (1 children)

Is your B point properly addressed by Passkeys? With all this talk about export I presume not. Client certs seem abandoned, you can't use it on mobile.

[–] Appoxo@lemmy.dbzer0.com 2 points 6 hours ago

In theory yes.
Hardware tokens are bound to keys
Software-based tokens can be synced with password managers (3rd or 1st party)

And the client cert abandonment problem is an entirely other issue.