Re: Extension Idea: Support for SSH and Other Arbitrary Signed Challenges from Adam Powers on 2018-05-18 (public-webauthn@w3.org from May 2018)

From: Adam Powers <adam@fidoalliance.org>
Date: Thu, 17 May 2018 23:13:34 -0700
To: Christiaan Brand <cbrand@google.com>, Adam Langley <agl@google.com>
Cc: david@davidstrauss.net, W3C Web Authn WG <public-webauthn@w3.org>
Message-ID: <CACu+4cs86hew_g5D=fYprMvUoYkE1vs3TLXqqCViUKCEpARCng@mail.gmail.com>

Since Christiaan mentioned sshd, here are some notes on how to implement
FIDO in sshd (should anyone be looking for a weekend project):
https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-April/036885.html

Apologies for propagating the off-topicness.


On May 17, 2018 at 1:29:12 PM, Christiaan Brand (cbrand@google.com) wrote:

Also, chances of us adding raw signing to FIDO is extremely slim. I see
more potential with upstreaming a change to sshd to understand FIDO creds...

On Thu, May 17, 2018 at 12:54 Adam Langley <agl@google.com> wrote:

> On Thu, May 17, 2018 at 12:48 PM David Strauss <david@davidstrauss.net>
> wrote:
>
>> This is exactly what I'm requesting. This isn't a call for deep support
>>> for SSH in FIDO, only the cryptographic operation (raw signing) that would
>>> make it possible to use that way with the right client-side glue (which
>>> would be totally outside FIDO).
>>>
>>
> But this is the W3C mailing list, and the W3C does web stuff :)
>
> The CTAP2 spec, while obviously something that the W3C is building on with
> webauthn, comes from FIDO, which is a completely separate organisation.
>
> I don't know how helpful it is, but FIDO has a general page with some
> contact points here: https://fidoalliance.org/participate/community/
>

Received on Friday, 18 May 2018 06:14:04 UTC