Re: [webauthn] Removing “lightning” from AuthenticatorTransport (#1294)

The "lightning" transport as spelled today can be interpreted three ways:

1. That the authenticator has a physical Lightning male connector. This would be different from the USB transport, which is connector-agnostic.
2. That the authenticator speaks a CTAP2-over-MFi protocol. This could be via an alternate connector (such as USB-C) or even hypothetically over Bluetooth.
3. YubiKey's specific hardware implementation of CTAP2-over-MFi.

I believe @alanwaketan's argument would be that WebKit/Safari don't see the value in advertising the first interpretation, nor would they support the second one.

There's an argument to be made that third-party browsers may wish to advertise they support the second interpretation, as they may not be able to support USB as a transport. It is worth directly asking @alanwaketan and @othermaciej whether a third-party browser could be expected to support USB transport around the timeline if/when WebKit supports it - but these browsers are shipping today, and the "lightning" transport is providing a flag to RPs as to which keys would work on iOS/iPadOS hardware.

There's also an argument to be made that the third interpretation is correct, and there never should have been a generic transport name. Access for an app to an MFi device is granted not based on protocol but on device vendor. It is certainly possible an enterprise app might have access to talk to Yubico keys over MFi, but not access to talk to a hypothetical Project Titan key.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1294#issuecomment-530111769 using your GitHub account

Received on Tuesday, 10 September 2019 20:45:17 UTC