JS bindings for usage of session keys #177
Description
#36 requests an API for directly generating new keys and doing signing operations. For sites with strong client-side SDKs, they can reduce the server-side complexity if they do the signatures and set cookies with JS.
Given that DBSC already provides a higher-level API over session key generation and signatures, I don't think this has significant privacy risk. It does have some long-term compatibility risk, given that it could limit our ability to replace the current TPM signature operations with something else.