x.com

I'll give it a try. Inside the webauthn api spec, there's a spot for whats supposed to be a server-provided nonce. Turns out that you don't actually need a server to supply this nonce AND that a tx hash fits there quite nicely, and this flexibility in the API is there by design (changing it would seriously break webauthn integration). Turns out this webauthn api is generally attached to the secure enclaves found it most phones/computers (the special secure chunk of the systen that stores keys and sometimes passwords, but also does the signing). It's probably the most locked down element of a modern phone/laptop. So, by getting our tx hashes to be sign-able by webauthn, we effectively open up the devices everyone already have to be hardware wallets with face/fingerprint integration with the wallet secured by apple/google. So we bring killer UX to the table w/ better security. Also, as the enclaves dont do hd keygen, we're envisioning smart-wallet situation with multiple devices co-owning an account vs doing a seed phrase backup (though a seed phrase master key would probably be an option). The overall vision is to disconnect auth (signing) from wallet (front end) and have a minimal app that does the signing using the enclaves we carry around all day. If you want an _in production_ comparable, it'll be like BankID in Sweden (which is very close to a centralized version of what web3 wants when it comes to identity and authorization)