Re: [webauthn] registration of EdDSA credentials without resident keys fails (#1437)

> A roaming authenticator not supporting ES256 seems like a bit of a corner case.

In this case it's about the RP not supporting ES256. Currently Chrome is routing the request to the U2F stack because a PIN is set on the authenticator, but then the U2F stack is dropping it because it cannot be translated without ES256 support. In this corner case, I think Chrome could behave better.

> From a user experience, I think it would be better to allow for the use of EdDSA if available without requiring the PIN.

Chrome can't do that without changes to the authenticator, but those changes are ready in the next version of CTAP2, so that should be the case in the future.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1437#issuecomment-640736128 using your GitHub account

Received on Monday, 8 June 2020 16:29:34 UTC