
Re: [webauthn] registration of EdDSA credentials without resident keys fails (#1437)

From: Nico Caille via GitHub <sysbot+gh@w3.org>
Date: Mon, 08 Jun 2020 15:54:01 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-640716450-1591631640-sysbot+gh@w3.org>
> If, in Chrome, you go to chrome://device-log and select “Debug” as the log level then you can see the underlying CTAP2 traffic to the security key. In this case, I'm guessing that there won't be any and that you've set a PIN on the security key. Since we can't create a credential over CTAP 2.0 without PINs, once one has been set, Chrome is falling back to the U2F protocol, which cannot handle anything but ECDSA.

My keys have PIN enabled, but thanks: now that I have put `userVerification: 'preferred'` for the registration part, I confirm the credentials created are using EdDSA, and then for the assertion for user login I maintain the `userVerification: 'discouraged'`. From a user experience perspective, I think it would be better to allow for the use of EdDSA if available without requiring the PIN.

Thanks for your help

GitHub Notification of comment by nicocaille
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1437#issuecomment-640716450 using your GitHub account
Received on Monday, 8 June 2020 15:54:02 UTC
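
The algorithm fallback discussed in this message can be confirmed on the relying-party side by reading the registration's authenticatorData, which records both the user-verification flag and the COSE algorithm of the new key. The following is an added example, not code from the thread or the WebAuthn project; the function names and the sample bytes (one EdDSA credential with UV set, one ES256 credential without UV) are constructed for illustration.

```javascript
// Added example, not code from the thread. Sample bytes are constructed.
const COSE_ALG_NAMES = { "-8": "EdDSA", "-7": "ES256" }; // IANA COSE algorithm ids

// Decode one CBOR int or byte string at pos (all a small COSE_Key needs).
function readCborItem(buf, pos) {
  const major = buf[pos] >> 5, info = buf[pos] & 0x1f;
  let val = info, next = pos + 1;
  if (info === 24) { val = buf[next]; next += 1; }
  else if (info === 25) { val = (buf[next] << 8) | buf[next + 1]; next += 2; }
  else if (info > 25) throw new Error("unsupported CBOR length encoding");
  if (major === 0) return { value: val, next };        // unsigned int
  if (major === 1) return { value: -1 - val, next };   // negative int
  if (major === 2) return { value: buf.subarray(next, next + val), next: next + val };
  throw new Error("unsupported CBOR major type " + major);
}

// Report the UV flag and key algorithm recorded in registration authenticatorData.
function inspectAuthData(authData) {
  const flags = authData[32];                            // follows 32-byte rpIdHash
  if (!(flags & 0x40)) throw new Error("AT flag clear: no attested credential data");
  const credIdLen = (authData[53] << 8) | authData[54];  // after signCount + aaguid
  let pos = 55 + credIdLen;                              // COSE_Key starts here
  if (authData[pos] >> 5 !== 5) throw new Error("COSE_Key is not a CBOR map");
  let pairs = authData[pos] & 0x1f;                      // assumes fewer than 24 entries
  pos += 1;
  let alg;
  while (pairs-- > 0) {
    const key = readCborItem(authData, pos);
    const val = readCborItem(authData, key.next);
    if (key.value === 3) alg = val.value;                // COSE label 3 = alg
    pos = val.next;
  }
  return { userVerified: Boolean(flags & 0x04), alg, algName: COSE_ALG_NAMES[alg] || "other" };
}

// Constructed authenticatorData: zeroed hash, AAGUID, key bytes; 16-byte credential id.
function sampleAuthData(flags, coseKey) {
  const out = new Uint8Array(55 + 16 + coseKey.length);
  out[32] = flags;
  out[54] = 16;
  out.set(coseKey, 71);
  return out;
}
const zeros32 = new Array(32).fill(0);
const ED25519_KEY = [0xa4, 0x01, 0x01, 0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, ...zeros32];
const P256_KEY = [0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, ...zeros32,
                  0x22, 0x58, 0x20, ...zeros32];
```

In a real deployment `authData` comes from the decoded attestation object, and a server that requires EdDSA can reject or flag a registration whose `algName` is not the one it listed first in `pubKeyCredParams`.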

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC