
<p>now that I think of it, one could use certificate authentication instead of JWT</p>

<p>this has several advantages:</p>

<ul>

<li>mobile phones grow more and more towards offering an embedded secure element. I.e. a mobile phone can use its secure element to store the certificate</li>

<li>does client authentication in TLS/SSL needs to be a fully-fledged domain certificate? if so, one can just implement a challenge-response thingy for authentication</li>

<li>certificate pinning can get your authentication sorted</li>

<li>one can use the certificate pinning stuff for localhost access as well</li>

<li>did I miss anything?</li>

</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/bisq-network/proposals/issues/69#issuecomment-456803110">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AkpZtnqEzJcVSJKH-2HHpV0NXewO9KU0ks5vGGUMgaJpZM4aKpN9">mute the thread</a>.<img src="https://github.com/notifications/beacon/AkpZtkc6_ptJQIj8F6np2osyQm7RaNM1ks5vGGUMgaJpZM4aKpN9.gif" height="1" width="1" alt="" /></p>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/bisq-network/proposals","title":"bisq-network/proposals","subtitle":"GitHub repository","main_image_url":"https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/bisq-network/proposals"}},"updates":{"snippets":[{"icon":"PERSON","message":"@freimair in #69: now that I think of it, one could use certificate authentication instead of JWT\r\n\r\nthis has several advantages:\r\n- mobile phones grow more and more towards offering an embedded secure element. I.e. a mobile phone can use its secure element to store the certificate\r\n- does client authentication in TLS/SSL needs to be a fully-fledged domain certificate? if so, one can just implement a challenge-response thingy for authentication\r\n- certificate pinning can get your authentication sorted\r\n- one can use the certificate pinning stuff for localhost access as well\r\n- did I miss anything?"}],"action":{"name":"View Issue","url":"https://github.com/bisq-network/proposals/issues/69#issuecomment-456803110"}}}</script>

<script type="application/ld+json">[

{

"@context": "http://schema.org",

"@type": "EmailMessage",

"potentialAction": {

"@type": "ViewAction",

"target": "https://github.com/bisq-network/proposals/issues/69#issuecomment-456803110",

"url": "https://github.com/bisq-network/proposals/issues/69#issuecomment-456803110",

"name": "View Issue"

},

"description": "View this Issue on GitHub",

"publisher": {

"@type": "Organization",

"name": "GitHub",

"url": "https://github.com"

}

}

]</script>