- From: justf0rfun via GitHub <sysbot+gh@w3.org>
- Date: Thu, 29 Aug 2019 18:30:17 +0000
- To: public-webauthn@w3.org
@akshayku @filips123 @nicksteele I am not an expert so please correct me if I am wrong. As far as I know the FIDO2 Authenticators of Windows uses the TPM and Android uses Secure Element which is like TPM for mobile devices. I don't know if they support software only CTAP2 compatible authentication. They is desktop, laptop and mobile hardware out there without TPM and Secure Element. I don't know where a purely software base public key authentication solution would be located best (WebAuthn, FIDO2, CTAP2 or a new protocol) but I would like to appreciate action towards it. While I am currently still trying to understand the mentioned techniques, I have the notion that purely software based public key authentication is much more flexible on backup and sharing of keys between systems and users and having fewer dependencies. Also I think about if privacy is weakend when a RP is able to see from which device a user is connected by distinguishing the keys resulting from using different hardware authenticators for different computing systems. -- GitHub Notification of comment by justf0rfun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1175#issuecomment-526307292 using your GitHub account
Received on Thursday, 29 August 2019 18:30:20 UTC