tank 3 weeks ago
Thanks for clarifying. 1-4: makes sense. The downside of relays is IP address (location) leakage to multiple untrusted servers if users are not using a VPN. 5: I agree for a wallet use case. But for nostr the user loses his social graph. 6: the UX cost is zero for icloud-key-value-store (users are generally logged into their Apple ID on iOS). On Android there is a UX cost. The main upside I see is 2FA though. Compromise of a passkey is not unlikely on a desktop computer due to higher malware risk. Users could recover their wallet only on mobile devices. A user using yubikeys to secure their Apple/Google account would be resistant to an adversary that has compromised their laptop.

Replies (1)

Re 5. The passkey is used explicitly for the wallet. Re 6. A regular user doesn't store his passkeys on his desktop; the passkey stays on his phone or physical key and only the PRF result is sent to the desktop.