The beauty of TLS is that it's a standard that operates cross-platform :)

Specific to the client key fingerprints for authenticating to services--you can absolutely present an expired certificate in the TLS handshake and it will absolutely work if the other side says to not care about that. The only thing that will occur is that the Windows Event Log will have a bunch of events saying that your certificate expired. Realistically, the fingerprint concept in services is merely a form of certificate pinning which itself obviates the need to have any data in the certificate itself be valid. I.e., even today all client certificates performing authentication are self-signed. Most folks probably wouldn't know about the event log thing anyway.

I know this is IRC we're talking about, but it would be quite nice to have a key be presented and stored from a hardware device--whether virtual smart card via TPM, a TPM generated key, or a physical smart card.

Ideally, we'd have a platform that supports WebAuthn instead (I assume the fingerprinting could be the same here), but using X.509 today would offer the most compatibility (since that's what's being used today anyway).

Code
New-SelfSignedCertificate -Type Custom -Provider "Microsoft Platform Crypto Provider" -Subject "CN=magamiako" -KeyExportPolicy NonExportable -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My"

And then the certificate selection window could be updated to just allow input of the fingerprint to use to authenticate.
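
Added example, not part of the original post: a PowerShell check that the certificate created by the command above has a non-exportable key held by the Platform Crypto Provider, and that prints the fingerprints a service would pin. It assumes the service hashes the whole DER-encoded certificate; which hash algorithm it expects is not stated on the page, so three common ones are shown. The function name Get-CertFingerprint is made up for this example.

```powershell
# Added example. Subject and store path are taken from the command in the post.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq 'CN=magamiako' -and $_.HasPrivateKey } |
    Sort-Object -Property NotBefore -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No certificate with a private key found for CN=magamiako.' }

function Get-CertFingerprint {
    # Hash of the DER-encoded certificate, as lowercase hex without separators.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [ValidateSet('SHA1', 'SHA256', 'SHA512')]
        [string]$Algorithm = 'SHA256'
    )
    $hasher = switch ($Algorithm) {
        'SHA1'   { [System.Security.Cryptography.SHA1]::Create() }
        'SHA256' { [System.Security.Cryptography.SHA256]::Create() }
        'SHA512' { [System.Security.Cryptography.SHA512]::Create() }
    }
    try {
        $digest = $hasher.ComputeHash($Certificate.RawData)
    } finally {
        $hasher.Dispose()
    }
    ([System.BitConverter]::ToString($digest) -replace '-', '').ToLowerInvariant()
}

# Open the private key through CNG to see which provider holds it.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -isnot [System.Security.Cryptography.RSACng]) {
    throw 'Private key is not a CNG key, so it cannot be a Platform Crypto Provider key.'
}
$provider = $rsa.Key.Provider.Provider

[pscustomobject]@{
    Subject       = $cert.Subject
    NotAfter      = $cert.NotAfter   # informational only when the peer pins by fingerprint
    KeyProvider   = $provider
    TpmBacked     = $provider -eq 'Microsoft Platform Crypto Provider'
    NonExportable = $rsa.Key.ExportPolicy -eq [System.Security.Cryptography.CngExportPolicies]::None
    SHA1          = Get-CertFingerprint -Certificate $cert -Algorithm SHA1
    SHA256        = Get-CertFingerprint -Certificate $cert -Algorithm SHA256
    SHA512        = Get-CertFingerprint -Certificate $cert -Algorithm SHA512
} | Format-List
```

The hash covers the whole certificate, so reissuing the certificate changes the fingerprint even when the same TPM key is reused, and the new value has to be registered with the service again.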