W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2020

[webauthn] Pull Request: Add Yubico's proposed recovery extension

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 May 2020 15:48:37 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-423946918-1590594516-sysbot+gh@w3.org>
emlun has just submitted a new pull request for https://github.com/w3c/webauthn:

== Add Yubico's proposed recovery extension ==
This is an attempt at solving #931 through Yubico's proposed recovery extension, as proposed in https://github.com/Yubico/webauthn-recovery-extension . Formal proofs of the security of the key generation scheme are currently awaiting peer review.

For interoperability between authenticator vendors, this would also need some additions to CTAP. A proposal for that is also included in the link above, but is outside the scope of WebAuthnn.

It might be more suitable to extract the details of the key generation algorithm to an external reference, but I don't currently know where to start in that case. Either way, I think it's useful to get some review from this working group for starters.

See https://github.com/w3c/webauthn/pull/1425
Received on Wednesday, 27 May 2020 15:48:39 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 27 May 2020 15:48:40 UTC