Yeah, I have read and heard the same things, and come to the same conclusions. It is certainly not good if even @Steve is not talking about it optimistically in the podcast. If I read that right, then I don't think he's going to invest more "good" time after "bad".
@Jeffa & everyone... As you will have seen in my other recent thread, I think that enabling SQRL as a backend for SAML and OAUTH is a way to enable support for 1000s of apps and services today without changing a line of their code.
Carefully done this should be possible without losing the majority of the benefits of SQRL.
When you have the wind and the bandwidth, I hope you can at least write it up for future generations.
@Jeffa & everyone...
What Jeff wrote above is true, but (as we know) that wasn't my vision for SQRL and I don't know how to compromise when I see and believe in the right way to do something. The crux of SQRL was the fact that 25519 private keys can be directly created from any large integer by tweaking three of its 256 bits, thus making private keys deterministic. Everything about SQRL flowed from that original observation. I've spent some time studying the FIDO2 / WebAuthn technology and I've invented another system and solution which would bring all—and I mean all—of SQRL's benefits to the current Passkeys system. But as Paul noted up-thread, for the time being at least, I just don't have any more wind in my sails about this. And since SQRL2 would be fully backward and forward compatible with the currently evolving Passkeys system, while being FAR more practical, there's no big hurry. It can be adopted at any time.
The supreme annoyance is the fact that even with strong identity authentication, there's no indication that "I don't have my Passkey with me, send an eMail" fallback will EVER go away. Given that, users will still have their identities compromised. But... maybe over time if and as Passkeys become prevalent.
I haven't mentioned any of this before since I don't plan to do anything about it now or soon, and I haven't been able to think about anything other than fulfilling my obligation to SpinRite's current owners. But at some point I expect it will be worth revamping SQRL to make it fully FIDO2/WebAuthn/Passkeys compatible.
There's no way I'll allow it to drop. Since a SQRL2 client would be a FIDO2/WebAuthn/Passkeys client like any other, it will be able to come along at any time to replace the fragmented mess that appears to be developing.