W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2019

Re: [webauthn] Standardising support for software authenticators (#1175)

From: justf0rfun via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Aug 2019 18:30:17 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-526307292-1567103416-sysbot+gh@w3.org>
@akshayku @filips123 @nicksteele

I am not an expert so please correct me if I am wrong. As far as I know the FIDO2 Authenticators of Windows uses the TPM and Android uses Secure Element which is like TPM for mobile devices. I don't know if they support software only CTAP2 compatible authentication. They is desktop, laptop and mobile hardware out there without TPM and Secure Element.

I don't know where a purely software base public key authentication solution would be located best (WebAuthn, FIDO2, CTAP2 or a new protocol) but I would like to appreciate action towards it. While I am currently still trying to understand the mentioned techniques, I have the notion that purely software based public key authentication is much more flexible on backup and sharing of keys between systems and users and having fewer dependencies. Also I think about if privacy is weakend when a RP is able to see from which device a user is connected by distinguishing the keys resulting from using different hardware authenticators for different computing systems.

-- 
GitHub Notification of comment by justf0rfun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1175#issuecomment-526307292 using your GitHub account
Received on Thursday, 29 August 2019 18:30:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:06 UTC