- From: Emil Lundberg <emil@yubico.com>
- Date: Thu, 23 Aug 2018 12:35:02 +0200
- To: W3C Web Authn WG <public-webauthn@w3.org>
Received on Thursday, 23 August 2018 10:35:37 UTC
This article was published today, highlighting a number of issues they identified in WebAuthn: https://paragonie.com/blog/2018/08/security-concerns-surrounding-webauthn-don-t-implement-ecdaa-yet As far as I can tell, their main concerns are: - JOSE implementations are historically error prone - RSA with PKCS1v1.5 padding - Many concerns about the security of ECDAA - Point compression not allowed - Nondeterministic nonces - BN curves /Emil -- Emil Lundberg Software Developer | Yubico <http://www.yubico.com/>
Received on Thursday, 23 August 2018 10:35:37 UTC