I remember in grad school one of my professors saying “Networking and data storage are dual. One is about communicating data through space; the other is about communicating data through time” and 🤯. This was in the context of information theory and cryptography. I often go back to that idea.
@abucci@anthony.buc.ci I have to do this for my homelab. Will let you know the next days how it worked out. There is also a nice piece of software to do so: https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/
But never tried.
@abucci@anthony.buc.ci in a personal case, in 2022 I explored client certificates, (I can’t recall who suggested that, it was you?).
I think it’s amazing for corporates and perhaps power users. Anyway, I think it’s too obscure for a normal employee who doesn’t understand what’s going on.
For something closer to the current Web experience I think Webauthn/Passkeys will be slightly simpler to use and to implement, due to the support of main OS and integrated security hardware in PCs and Phones. Or you can use a USB device which is closer to a “car key” being the physical aspect easier to understand than an abstract encryption technology IMO.
But as they say, why not both?