@themactep@fosstodon.org @mindofjoe@MindOfJoe Consider how SSH keys work; pubkey crypto. It's the answer. A couple years ago I heard a web standard was emerging to use either SSH keys or the like. Not sure where it's at now.
@resist1984 @themactep @mindofjoe Something went really awry some time ago: Browsers used to have JavaScript functions to generate public/private key pairs and help manage their use. Some products (e.g. “dogtag” iirc) used that function to develop pki management tools. At some point, though, the consortium deprecated those key gen functions, breaking some of the follow-on products. I didn’t search hard, but I couldn’t find the rationale 😕 But you’re right: basic pubkey crypto is great. It has some issues (e.g., use on multiple devices, protection/revocation, etc.), some addressed by hw tokens (e.g., YubiKey). It can be used at the app and even tls level. 3rd party products, incl. foss (e.g., “keycloak”, “freeipa”) support it for id for oauth/oidc-type apps. Just requires webdevs gaining experience.