
> Clever use of WebAuthn’s PRF to reuse synced passkeys for file encryption

Agreed on the clever part, but arguably that's exactly what PRF was designed for :)

> The catch is credential revocation: leaked passkeys mean full rotation and bulk re-encryption of files.

That's where the PRF input of key derivation comes in. The idea is to have that input be rotate-able.

That's also why there are two of them: so you can "atomically" (or at least using only one WebAuthn interaction) rotate the derived keys.
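The rotation described in the comment above, sketched as an added example that is not part of the original thread or of any project's code: a Node.js simulation in which an HMAC over a local secret stands in for the authenticator's PRF, and one simulated ceremony evaluates the old input as `first` and a fresh input as `second`. The function names, the HKDF info label and the record layout are assumptions, and whether the encrypted blob is a file or a wrapped data key is left open.

```javascript
const { createHmac, createHash, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv } = require('node:crypto');

// Stand-in for the authenticator: a per-credential secret (constructed sample value).
const credentialSecret = randomBytes(32);

// Simulated PRF evaluation: HMAC-SHA-256 keyed by the credential secret over the hashed input.
function prf(input) {
  const salt = createHash('sha256').update('WebAuthn PRF\0').update(input).digest();
  return createHmac('sha256', credentialSecret).update(salt).digest();
}

// One simulated ceremony, shaped like the extension's eval: { first, second }.
function ceremony({ first, second }) {
  return { first: prf(first), second: second ? prf(second) : undefined };
}

// PRF output -> AES-256-GCM key via HKDF (the info label is hypothetical).
function deriveKey(prfOutput) {
  return Buffer.from(hkdfSync('sha256', prfOutput, Buffer.alloc(0), 'file-enc-v1', 32));
}

function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, { iv, ct, tag }) {
  const d = createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if the key is wrong
}

// Rotation in a single ceremony: decrypt under the old input, re-encrypt under a fresh one.
function rotate(record) {
  const newInput = randomBytes(32);
  const out = ceremony({ first: record.prfInput, second: newInput });
  const plaintext = open(deriveKey(out.first), record.blob);
  return { prfInput: newInput, blob: seal(deriveKey(out.second), plaintext) };
}

// Normal unlock: one ceremony with only the currently stored input.
function unlock(record) {
  return open(deriveKey(ceremony({ first: record.prfInput }).first), record.blob);
}
```

After `rotate`, only the new PRF input needs to be stored next to the blob; a key derived from the old input fails the GCM tag check on the re-encrypted blob.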


