
So you would manage their keys for them? It helps overcome the technical issues of creating keys but it doesn't solve any trust or auth issues, does it?

It seems like there is some missing infrastructure, like if your driver's license had a chip with a key pair on it, I could see plugging it into a card reader and having the browser send my signed identity certificate to the server. I guess credit card companies could do this too; I vaguely remember some sort of Visa scanning device you could plug in to your computer for something like this in the 1990s.



It's not really for security or trust, but rather a temporary credential to avoid having them create an account during that precious first impression. They'd probably have to add a traditional password and email later on, but they could get started using it without needing that burden right away. I'd even be okay expiring the certificates after a week, since you should have a permanent account by then.

One time, I automatically created 'accounts' for people based on their IP address on a toy project, because I didn't want to manage emails or passwords. It made it really convenient to use, but there's no way it would work as a permanent solution. I was imagining client certificates for a slightly more durable replacement, but for the same purpose.

Then again, OAuth logins seem to give something about as good, so maybe this isn't necessary anymore. It never really bothers me to log in with Google.



