
Re: [webauthn] Q: Regarding Security Concerns Surrounding WebAuthn: Don't Implement ECDAA (Yet) (#1196)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Thu, 25 Apr 2019 01:58:26 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-486490681-1556157505-sysbot+gh@w3.org>
I believe there was some confusion by PIE on the role of ECDAA. It is meant as a way to attest the provenance of an authenticator, not to secure the authentication itself. If ECDAA were completely broken, it would mean that a relying party may change their trust of authenticators which use ECDAA attestation (such as initiating a migration process off of those authenticators).

A server cannot 'avoid' ECDAA the way it can avoid requesting a particular signing algorithm, as the attestation format is a detail of the authenticator. A server that cares about the provenance of an authenticator could choose to consider any authenticators using ECDAA attestations to have the default self-asserted/unattested level of trust. However, most sites are expected to not care about attestation at all, and the browsers will often strip attestation unless the user gives consent during registration.

When you say "1 - as required by fido-server-v2.0-rd-20180702", I believe you are talking about the P-256 curve, not a signing algorithm? A server must support this as part of other signing algorithms, such as ES256.

For the other points (and in my personal opinion) a lot of PIE's other arguments amount to "implementing crypto correctly is hard". Yes, if you are implementing *any* crypto algorithm (including those leveraging PKCS 1.5 padding), you should protect against timing attacks. Yes, if you accept a curve point you should verify that point is on the curve. Yes, if you use a format like JOSE/COSE that supports multiple algorithms, you should verify that the algorithm you requested was the one used. A good third party JOSE/COSE library should do those for you (and should have third party audits to back that up).

In an ideal world non-research usage would move to using a selected handful of algorithms and a library like libsodium - but there are political, technical and legacy support reasons that will never happen.

GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1196#issuecomment-486490681 using your GitHub account
Received on Thursday, 25 April 2019 01:58:27 UTC
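The relying-party checks the comment calls for (the credential key's algorithm must be one the server actually requested, an EC point must be verified to lie on the curve, and ECDAA-attested authenticators can be demoted to the self-asserted trust level), as an added example that is not part of the original message or of any WebAuthn project code. It assumes the COSE_Key has already been CBOR-decoded into a Python dict and that an ECDAA attestation statement is recognised by the packed format's ecdaaKeyId member; the sample key is the P-256 base point, constructed here for the demonstration.

```python
# Added example: RP-side sanity checks on a decoded WebAuthn COSE_Key.
# Assumption: the CBOR map has already been decoded into a plain dict.

# NIST P-256 domain parameters (a = -3); standard published values.
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# COSE labels and values used below (RFC 8152 / IANA COSE registries).
COSE_KTY, COSE_ALG, COSE_CRV, COSE_X, COSE_Y = 1, 3, -1, -2, -3
KTY_EC2, CRV_P256, ALG_ES256 = 2, 1, -7

def is_on_p256(x, y):
    """True iff (x, y) satisfies y^2 = x^3 - 3x + b (mod p) with in-range coordinates."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x - 3 * x + P256_B)) % P256_P == 0

def check_cose_ec2_key(cose_key, requested_algs):
    """Validate a decoded COSE_Key against the algs the RP listed in pubKeyCredParams."""
    alg = cose_key.get(COSE_ALG)
    if alg not in requested_algs:
        return False, "alg %r was not requested" % (alg,)
    if cose_key.get(COSE_KTY) != KTY_EC2:
        return False, "not an EC2 key"
    if alg == ALG_ES256 and cose_key.get(COSE_CRV) != CRV_P256:
        return False, "ES256 requires P-256"
    x, y = cose_key.get(COSE_X), cose_key.get(COSE_Y)
    if not (isinstance(x, bytes) and isinstance(y, bytes) and len(x) == 32 and len(y) == 32):
        return False, "x and y must be 32-byte strings"
    if not is_on_p256(int.from_bytes(x, "big"), int.from_bytes(y, "big")):
        return False, "point is not on P-256"
    return True, "ok"

def attestation_trust(att_stmt):
    """Policy from the comment: treat ECDAA-attested authenticators like self-attested ones.
    Assumption: an ECDAA statement carries the packed format's ecdaaKeyId member."""
    return "self" if "ecdaaKeyId" in att_stmt else "attested"

# Constructed sample: the P-256 base point, which is on the curve by definition.
GX = bytes.fromhex("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296")
GY = bytes.fromhex("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")
SAMPLE_KEY = {COSE_KTY: KTY_EC2, COSE_ALG: ALG_ES256, COSE_CRV: CRV_P256,
              COSE_X: GX, COSE_Y: GY}

if __name__ == "__main__":
    print(check_cose_ec2_key(SAMPLE_KEY, [ALG_ES256]))
```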
