Recovering from Device Loss in WebAuthn from Alex Takakuwa on 2018-05-31 (public-webauthn@w3.org from May 2018)

From: Alex Takakuwa <alextaka@uw.edu>
Date: Wed, 30 May 2018 23:34:36 -0700
To: public-webauthn@w3.org
Cc: Hideo Nishimura <nishimura.hideo@lab.ntt.co.jp>, Alexei Czeskis <aczeskis@google.com>, Arnar Birgisson <arnarb@google.com>, Tadayoshi Kohno <yoshi@cs.washington.edu>
Message-ID: <CAEOgND-=dj-7B06Y0F5K7PAHQ5Hs+GxwMaZX-QboBC05j7-YyQ@mail.gmail.com>

In April, we sent an email introducing some potential solutions to the
problem of “Recovering from Device Loss in WebAuthn”.

As you all know, in the current WebAuthn specifications, users face a
potentially onerous process when migrating to new devices either because of
device loss or just a device upgrade. We view this as a problem that can be
solved while retaining all the security guarantees of the existing WebAuthn
scheme and improving the usability of WebAuthn drastically all without
changing the API. We would like to encourage members of the WebAuthn
mailing lists to join us in developing proposals that can be accepted into
the WebAuthn specifications to solve the problem of recovery from device
loss and device upgrade.

Our preliminary proposals are listed here:
https://docs.google.com/document/d/1tRLbXYLb9Z65QqhOX7v9D-aq_RUODyn5oALpCXj46K8/edit?usp=sharing


I look forward to hearing your feedback!

Received on Thursday, 31 May 2018 06:36:49 UTC