Ask HN: Would this eliminate bots for good?
2 points | 4 hours ago | 10 comments
I had an idea to eliminate the bot problem, or at the very least make it significantly harder to operate one. Here is my plan.

A new web browser built on a new HTTP protocol that accepts a human identity glove using cryptography. Instead of using your fingers directly on a mouse or trackpad, you wear a hardware glove that continuously records your pulse and your fingerprint, your machine information, and the average movement map that is unique to you as you interact with your device. The glove encrypts all of this information in real time. The browser then constantly verifies the glove hardware is present and active. No physical glove with a valid identity? No page loads.

What if someone tries to emulate the glove?

This is where the new browser becomes the second line of defense. It continuously checks the hardware signature and serial number of the glove. You can attempt to emulate it all you want, but the probability of simultaneously spoofing the correct fingerprint, a continuous and believable human pulse, a personalized movement map, and the exact hardware serial number is as close to impossible as any security system can get.

What do you all think of this as a preliminary idea?

runjake
1 hour ago
I’m standing in a line on my iPhone, waiting to get into a basketball game. So apologies for being sloppy.

Ok, so you’re talking about technologies that already exist and practically everyone has them.

First, you don’t need a new HTTP protocol; you’d use regular HTTPS with certificate authentication.

The glove you speak of is a biometric device with a Secure Enclave (SE) (e.g., Apple Watch) or secure access to a device with an SE.

This SE stores the private key of a key pair in a manner inaccessible without biometrics. This is also how PassKeys work.

A key challenge here is that everyone has a variety of devices from a variety of OEMs that are all simultaneously talking to multiple services synchronously. More often than not, a web request actually isn’t initiated by a human.

So, you’ll need to get everyone to agree on a standard. You’ll need to address the privacy concerns of privacy-minded people, because if you can attest that a person is actually there, doing something, that is going to set off warning bells for private people. It’s also going to set off dinner bells for advertisers and governments.

Again sorry, I’m on mobile and in a line. These exact scenarios (and their drawbacks) are routinely discussed in technical and privacy circles.

Read up on technologies like PKI, certificate-based auth, PassKeys, Secure Enclave, and biometric devices. The Apple Platform Security Guide is a good first step on what a commercial product is already doing.

reply
Bender
4 hours ago
All interesting ideas, but to get traction, make it part of a low-latency haptic suit that people can use to sex each other up or show off their PVPness. Make some prototypes for executives and investors to play with, and I could see it getting attention. Maybe get a demo integrated with VRChat. On the more taboo end, and to not discriminate, make all sizes of suits for all body types and ages. Provide an SDK so that all gaming companies can incorporate your suit. That should give "Collision Detection" a whole new meaning and experience.
reply
ksherlock
3 hours ago
If Tesla Optimus robots were breaking into my house at night, logging into my computer, and using my web browser, this would be one solution.

You didn't mention anything about how the web server knows if the other end of the connection is this user-hostile browser or a Python/JavaScript bot with a spoofed user agent.

reply
alpaca128
4 hours ago
One day the glove will have some connection problem and you won't be able to troubleshoot it because you can't use the internet.

This would always need some backup solution, and now you're back to square one.

Edit: also you'd need accessibility, so a glove is out. And how do you handle game consoles? Voice assistants like Siri or Alexa?

reply
testforge
4 hours ago
1. I wouldn't want to wear a glove while typing. 2. Maybe for something like nuclear missile control you would want extremely high security like this, but for something low stakes like a Google search it seems overkill.
reply
lemagedurage
4 hours ago
Maybe an attacker could record a couple hours of glove usage, and then replay this with slight variations.
reply
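The replay concern above and the enclave-held key described earlier in the thread meet in challenge-response: the server sends a fresh random challenge and accepts only a response computed over it, so a recording of earlier traffic verifies nothing. This is an added example, not part of any comment; HMAC with a shared key stands in for the enclave's asymmetric signature to stay in the standard library, and `Device`, `Server`, `glove-1`, `example.test` and `CHALLENGE_TTL` are assumed names and values.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed value)

def _mac(key: bytes, origin: str, challenge: bytes) -> bytes:
    # HMAC stands in for the enclave's signature; binding the origin means a
    # response produced for one site is useless at another.
    return hmac.new(key, origin.encode() + b"\x00" + challenge, hashlib.sha256).digest()

class Device:
    """Hypothetical stand-in for the enclave: the key never leaves this object."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, origin: str, challenge: bytes) -> bytes:
        return _mac(self._key, origin, challenge)

class Server:
    def __init__(self, origin: str, enrolled: dict):
        self.origin, self.enrolled = origin, enrolled  # enrolled: device_id -> key
        self.pending = {}  # challenge -> (device_id, expiry time)

    def issue_challenge(self, device_id: str, now: float) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh and unpredictable per request
        self.pending[challenge] = (device_id, now + CHALLENGE_TTL)
        return challenge

    def verify(self, device_id: str, challenge: bytes, response: bytes, now: float) -> bool:
        owner, expiry = self.pending.pop(challenge, (None, 0.0))  # single use
        key = self.enrolled.get(device_id)
        if key is None or owner != device_id or now > expiry:
            return False
        return hmac.compare_digest(_mac(key, self.origin, challenge), response)

def demo() -> tuple:
    key = secrets.token_bytes(32)  # constructed sample key
    device, server = Device(key), Server("https://example.test", {"glove-1": key})
    c1 = server.issue_challenge("glove-1", now=0)
    r1 = device.respond(server.origin, c1)
    fresh = server.verify("glove-1", c1, r1, now=1)   # live device answers
    same = server.verify("glove-1", c1, r1, now=2)    # recorded pair replayed
    c2 = server.issue_challenge("glove-1", now=3)
    stale = server.verify("glove-1", c2, r1, now=4)   # old response, new challenge
    c3 = server.issue_challenge("glove-1", now=5)
    late = server.verify("glove-1", c3, device.respond(server.origin, c3), now=36)
    return fresh, same, stale, late
```

The scheme proves only that the enrolled key answered this challenge; it says nothing about whether a human prompted the device to do so.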
arty_prof
3 hours ago
All that might be good until the government takes over that idea to kill anonymity. In case that glove can also get human fingerprints.
reply
PaulHoule
4 hours ago
Sell it to Mark Zuckerberg.
reply
codingdave
2 hours ago
This gets a hard NO from me.

Even aside from the hardware aspect of it, or the ick factor of biometrics to use the web, or possibly launching it and getting full adoption, or the fact that it absolutely could have the data spoofed, or that new attacks would be developed to MITM someone's pulse and mirror it on their bot's connection...

Where is this validation happening? Not on every transaction to every web server, surely. How could an HTTP protocol possibly actually achieve this kind of validation?

reply
rimbo789
4 hours ago
I do not want to wear any smart tech for any reason.
reply