[webauthn] Pull Request: Add Yubico's proposed recovery extension

emlun has just submitted a new pull request for https://github.com/w3c/webauthn:

== Add Yubico's proposed recovery extension ==
This is an attempt at solving #931 through Yubico's proposed recovery extension, as proposed in https://github.com/Yubico/webauthn-recovery-extension . Formal proofs of the security of the key generation scheme are currently awaiting peer review.

For interoperability between authenticator vendors, this would also need some additions to CTAP. A proposal for that is also included in the link above, but is outside the scope of WebAuthnn.

It might be more suitable to extract the details of the key generation algorithm to an external reference, but I don't currently know where to start in that case. Either way, I think it's useful to get some review from this working group for starters.

See https://github.com/w3c/webauthn/pull/1425

Received on Wednesday, 27 May 2020 15:48:39 UTC