Re: [webauthn] Removing “lightning” from AuthenticatorTransport (#1294) from John Bradley via GitHub on 2019-09-11 (public-webauthn@w3.org from September 2019)

From: John Bradley via GitHub <sysbot+gh@w3.org>
Date: Wed, 11 Sep 2019 22:37:44 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-530592981-1568241462-sysbot+gh@w3.org>

The name is just a string as long as what it means is clear it could be anything. I think I did suggest a fish name to Jeff H. at one point to avoid potential controversy.

All the Yubico 5Ci keys with USB-C support standard HID transport over USB on both connectors.
Due to the complexities of MFi they only support the encapsulated transport on lightning and not USB-C though people are asking for that to support iPAD Pro.

On the assumption that you are making CTAP2 work over USB for regular keys, the iPad Pro situation should sort itself out in a timely enough manner that we don't need to expose CTAP2-MFi over USB-C.

We had a request from someone currently doing U2F on iOS to have two transports one for the phisical lighning connector and one for encapsulated CTAP2-MFi. Given we hope to only do encapsulated CTAP2-MFi on litening I talked them back to one hint.

I don't care what it is called there are a handfull of apps and a handfull of RP that use the transport hints. (Mostly Google to smartlock to exclude non BLE at the moment)

I totally agree that you shouldn't do the CTAP2 over MFi thing. That would be clearly wrong, but it is something that can work for existing Pre iPhone 7 devices.

If we pick a name to change it to then we can debate more interesting things in Japan.
I would be good with MFi , EAF (External Accessory Framework https://developer.apple.com/documentation/externalaccessory ) or just tuna because it is just a string.

I am happy to add any appropriate words about this being for backwards compatibility for older phones and only applying pre iOS13?

In reality, no RP should ever filter on the transports. It is a hint for the user agent.
That is my biggest problem with the transport hints is that RP may be tempted to do stupid things based on them.

By the way, when is Safari on iOS going to be wired up to all this goodness? I still didn't see anything in yesterdays iOS 13.1 dev beta. I know forward-looking things probably can't be commented on, but knowing some timing would help, now that we know that CTAP2 will be supported over USB-C and lightning using the normal HID transport.

Will you be at TPAC?

Regards

--
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1294#issuecomment-530592981 using your GitHub account

Received on Wednesday, 11 September 2019 22:37:45 UTC