On 9/14/22 03:55, Vitaly Zaitsev via devel wrote: > On 14/09/2022 08:46, Demi Marie Obenour wrote: >> The only other >> non-phishable authentication method is TLS client certificates and >> I would be fine with those. > > Fedora used to have TLS client certificate authorization (in Koji), but > this has been replaced by Kerberos. Could Fedora turn on PKINIT or make TLS client certificate authentication an option again? >> since almost every laptop has a TPM. > > In some countries (Russia, China and some other countries from the US > export banlist) hardware TPMs are prohibited. Still, even a pure software FIDO2 implementation is much better than TOTP etc. -- Sincerely, Demi Marie Obenour (she/her/hers) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
