> The most interesting extension of this idea comes from the creator of Signal, Moxie Marlinspike’s recent work with Confer. In Passkey Encryption, he describes using the WebAuthn PRF extension to derive durable encryption key material from a passkey.
I do respect Moxie Marlinspike, but I'm not sure he "came up with this idea". I read about it first from the author of Age [1]. And to me it seems like whoever worked on adding a PRF extension to WebAuthn probably knew that PRFs are cool and could be used for cool stuff.
All that to say, I don't feel a need to attribute that to someone in particular, but if I did, I would want to be sure I am right.
palata•1h ago
I do respect Moxie Marlinspike, but I'm not sure he "came up with this idea". I read about it first from the author of Age [1]. And to me it seems like whoever worked on adding a PRF extension to WebAuthn probably knew that PRFs are cool and could be used for cool stuff.
All that to say, I don't feel a need to attribute that to someone in particular, but if I did, I would want to be sure I am right.
[1]: https://words.filippo.io/passkey-encryption/