W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2020

[webauthn] Remove Out-Of-Scope PRF Extension (#1478)

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Thu, 03 Sep 2020 22:31:40 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-692451924-1599172298-sysbot+gh@w3.org>
jcjones has just created a new issue for https://github.com/w3c/webauthn:

== Remove Out-Of-Scope PRF Extension ==
This is a follow-up to https://github.com/w3c/webauthn/issues/1462.

## Background

The pseudo-random function extension does not belong in PublicKeyCredential or in Web Authentication’s specification, and should be moved into another document with its own methods extending the Web Cryptography API. In addition to the ergonomic issues brought up in [Issue #1462](https://github.com/w3c/webauthn/issues/1462), the extension is out-of-scope with the [WebAuthn Working Group’s 2019 charter](https://www.w3.org/2019/10/webauthn-wg-charter.html). 

The extension produces 256-bit long arrays, obviously though not explicitly intended for symmetric encryption, tied to the public key cryptography via the pseudo-random function the extension is named for. The extension is clever and has uses, however the working group’s charter section 2 has two “in scope” features:

> (1) Requesting generation of an asymmetric key pair within a specific scope (e.g., an origin);
> (2) Proving that the browser has possession of a specific private key, where the proof can only be done within the scope of the key pair. In other words, authentication should obey the same origin policy.

One could argue that the pseudo-random bytes are proof-of-possession per bullet 2, but further I call attention to the charter’s section 2.1, “Out of Scope”: 

> Out of scope: federated identity, multi-origin credentials, low-level access to cryptographic operations or key material.

At best, one would be prosecuting whether naked 256-bit byte arrays derived from key material and salts amount themselves to key material, or a cryptographic operation.

The spirit of the WebAuthn charter is that the group produce the public key signature scheme, "obviating the use of shared secrets" as our charter describes it.

About two weeks ago, [I commented on blink-dev](https://groups.google.com/a/chromium.org/g/blink-dev/c/N8bEfUybqaQ/m/OH0pF1NJCAAJ) as to the divergence of this extension from the charter, and have not seen any response. 
## Remedy

I intend to open a Pull Request to remove the extension from WebAuthn Level 2 in advance of the document advancing to [candidate recommendation](https://www.w3.org/Consortium/Process/Process-19991111/tr.html#RecsCR).  However, the extension has uses, and there exists interest in how it could more ergonomically interact with WebCrypto, per some of the discussion in [Issue #1462](https://github.com/w3c/webauthn/issues/1462). 

I believe the extension should be moved to the [WICG for incubation](https://www.w3.org/community/wicg), or barring that, we perhaps consider the [established Note process for working groups](https://www.w3.org/2019/Process-20190301/#Note) (pending discussion of how that process interacts with the charter-scope issue).

In either case, we owe it to the community to solicit wider input on the practical WebCrypto interaction ergonomics than we can obtain here within just WebAuthn. Among the reasons we limit charter scopes is to ensure that groups have the correct expertise in the room before something becomes a standard, and our expertise is declared to be asymmetric cryptography.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1478 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 3 September 2020 22:31:42 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:41 UTC