> Do you know what WebCrypto adds that TLS doesn't? Nothing.
No, consider this: an end-to-end encrypted messaging web page delivered over TLS that stores keys in browser local storage.
A passive attacker that can see the incoming traffic on the server but does not want to alter the JavaScript sent to the clients will never see the messages. I argue this is weak but not useless.
(I would argue all TLS encryption in the browser is, in a sense, opportunistic to a certain extent, since people very rarely look at the address bar, effectively making it unauthenticated.)
Do you know what stops all passive attackers and most active attackers? TLS.
Do you know what WebCrypto adds that TLS doesn't? Nothing.
That's why this is useless. Just use TLS correctly and you're better off.
Now, reframe this as "desktop application that uses libsodium in a protocol designed by a cryptography engineer" and suddenly my interest is piqued.