W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2019

Re: [webauthn] Standardising support for software authenticators (#1175)

From: justf0rfun via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Aug 2019 18:30:17 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-526307292-1567103416-sysbot+gh@w3.org>
@akshayku @filips123 @nicksteele

I am not an expert so please correct me if I am wrong. As far as I know the FIDO2 Authenticators of Windows uses the TPM and Android uses Secure Element which is like TPM for mobile devices. I don't know if they support software only CTAP2 compatible authentication. They is desktop, laptop and mobile hardware out there without TPM and Secure Element.

I don't know where a purely software base public key authentication solution would be located best (WebAuthn, FIDO2, CTAP2 or a new protocol) but I would like to appreciate action towards it. While I am currently still trying to understand the mentioned techniques, I have the notion that purely software based public key authentication is much more flexible on backup and sharing of keys between systems and users and having fewer dependencies. Also I think about if privacy is weakend when a RP is able to see from which device a user is connected by distinguishing the keys resulting from using different hardware authenticators for different computing systems.

GitHub Notification of comment by justf0rfun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1175#issuecomment-526307292 using your GitHub account
Received on Thursday, 29 August 2019 18:30:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:06 UTC