Έλλεν Εμίλια Ά.ζ.
in reply to xssfox (crossy)
Softwarewolf
in reply to xssfox (crossy)
Yaakov
in reply to xssfox (crossy)
isithran
in reply to Yaakov
Yaakov
in reply to isithran
earbs 💖💛💙
in reply to xssfox (crossy)
Vincent Sparks
in reply to xssfox (crossy)
shutup shut up SHUT UP SHUT
/lh
xssfox (crossy)
in reply to xssfox (crossy)
I love this, so I
in reply to xssfox (crossy)
I love this, so I
in reply to I love this, so I
raspberry
in reply to xssfox (crossy)
mmmmmmmTLS
yummy
Erik van Straten
in reply to xssfox (crossy)
no they're not.
IIRC client certs are bound to the TLS channel, while passkeys are bound to the domain name.
Passkeys do not protect against DNS domain takeovers or BGP hijacks (where a malicious website hijacks the domain name and obtains a valid https website certificate).
OTOH if your browser has a TLS connection to a MitM proxy such as Cloudflare or Fastly, you're dead in the water anyway.
#TLS #MitM #AitM #Passkeys
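Added example, not part of the thread and not any poster's code: a sketch of the name-binding checks a relying party runs on a passkey (WebAuthn) assertion, showing that they compare the origin and the RP ID hash and take no input describing the TLS connection. The function names, `example.com`, the lookalike name and the challenge string are constructed for illustration; signature verification over the authenticator data is a separate step and is left out here.

```python
import hashlib
import json

UP_FLAG = 0x01  # "user present" bit in the authenticator data flags byte


def make_authenticator_data(rp_id, flags=0x05, sign_count=1):
    """Constructed sample: rpIdHash (32 bytes) | flags (1) | signCount (4)."""
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    return rp_id_hash + bytes([flags]) + sign_count.to_bytes(4, "big")


def make_client_data(origin, challenge):
    """Constructed sample of the clientDataJSON the browser fills in."""
    data = {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    return json.dumps(data).encode()


def binding_errors(client_data_json, authenticator_data,
                   rp_id, expected_origin, expected_challenge):
    """Return the names of the failed checks; an empty list means all passed.

    Every check compares a name or a nonce. Nothing here identifies the TLS
    channel or the server certificate the assertion travelled over.
    """
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("type")
    if client.get("challenge") != expected_challenge:
        errors.append("challenge")
    if client.get("origin") != expected_origin:
        errors.append("origin")
    if len(authenticator_data) < 37:
        return errors + ["authenticator_data_length"]
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        errors.append("rp_id_hash")
    if not authenticator_data[32] & UP_FLAG:
        errors.append("user_present")
    return errors


CHALLENGE = "constructed-challenge-value"  # placeholder, not a real nonce

# Assertion produced on the genuine name: passes.
ok = binding_errors(make_client_data("https://example.com", CHALLENGE),
                    make_authenticator_data("example.com"),
                    "example.com", "https://example.com", CHALLENGE)

# Assertion produced on a lookalike name: origin and RP ID hash both differ.
lookalike = binding_errors(make_client_data("https://examp1e.example", CHALLENGE),
                           make_authenticator_data("examp1e.example"),
                           "example.com", "https://example.com", CHALLENGE)
```

The lookalike case fails on the name alone, which is the phishing resistance passkeys provide; the checks have nothing to say about which server terminated the connection for `example.com`.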