- From: Arshad Noor via GitHub <sysbot+gh@w3.org>
- Date: Fri, 04 Jun 2021 03:12:58 +0000
- To: public-webauthn@w3.org
arshadnoor has just created a new issue for https://github.com/w3c/webauthn:

== Firefox generates credentials using TPM with Windows Hello - but does not send TPM attestation ==

In some recent testing, using the following:

- Laptop with fingerprint reader
- Windows Hello configured with a fingerprint
- Windows 10 Pro - Version 1909, Build 1863.1440
- Firefox (64-bit) 89.0
- Chrome (64-bit) 91.0.4472.77
- Edge (64-bit) 91.0.864.37
- Opera (64-bit) 76.0.4017.177
- Test site: https://demo4.strongkey.com/basicserver

All listed browsers use the TPM to generate platform keys when registering at this site; however, only Firefox does not provide a TPM attestation - it returns "none" - while the remaining three return TPM attestations.

We can confirm that the TPM was used by Firefox because **certutil -csp NGC -key** shows a new key in the list after successful registration with Firefox; when the key is deleted with _certutil_, the credential cannot be found for authentication and Firefox prompts for a Security Key. At other times (when the TPM key is not deleted), Firefox continues to work with TPM generated keys - even when not created by Firefox - to authenticate users to the site.

The FIDO2 server on the back-end is StrongKey's FIDO Certified implementation, and sends registration challenges with the declaration that it will accept any attestation format in this web-application.

Is there an explanation for this? Couldn't find anything in Bugzilla. TIA.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1620 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 4 June 2021 03:13:15 UTC
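
The difference described in the report above ("none" versus a TPM attestation) is visible in the `fmt` field of the CBOR-encoded attestationObject that the browser returns at registration. The following is an added example, not part of the original message and not StrongKey's or any browser's code: a Node.js sketch of a relying-party check that decodes that field and compares it with the formats the server accepts. The names `readCbor`, `checkAttestation` and `sampleAttestation` are hypothetical, and the sample bytes are constructed.

```javascript
// Added example: minimal CBOR reader for the types found in an attestationObject.
function readCbor(buf, pos = 0) {
  if (pos >= buf.length) throw new Error("truncated CBOR");
  const major = buf[pos] >> 5, info = buf[pos++] & 0x1f;
  let len = info;
  if (info >= 24 && info <= 27) {              // length in the next 1, 2, 4 or 8 bytes
    const n = 1 << (info - 24);
    if (pos + n > buf.length) throw new Error("truncated CBOR");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos + i];
    pos += n;
  } else if (info > 27) throw new Error("unsupported CBOR length encoding");
  if (major < 2) return [major === 0 ? len : -1 - len, pos];   // integers
  if (major === 2 || major === 3) {            // byte string / text string
    if (pos + len > buf.length) throw new Error("truncated CBOR");
    const bytes = buf.subarray(pos, pos + len);
    return [major === 3 ? bytes.toString("utf8") : bytes, pos + len];
  }
  if (major === 4 || major === 5) {            // array / map
    const out = major === 4 ? [] : Object.create(null);
    for (let i = 0, k, v; i < len; i++) {
      if (major === 5) [k, pos] = readCbor(buf, pos);
      [v, pos] = readCbor(buf, pos);
      if (major === 4) out.push(v); else out[k] = v;
    }
    return [out, pos];
  }
  throw new Error("unsupported CBOR major type " + major);
}
// Compare the returned attestation format with the server's policy (hypothetical helper).
function checkAttestation(attestationObject, acceptedFormats) {
  const buf = Buffer.from(attestationObject);
  const [att, end] = readCbor(buf);
  if (end !== buf.length || typeof att.fmt !== "string" ||
      !Buffer.isBuffer(att.authData) || att.authData.length < 37)
    throw new Error("malformed attestationObject");
  return {
    fmt: att.fmt,
    attStmtEmpty: Object.keys(att.attStmt || {}).length === 0,
    userVerified: (att.authData[32] & 0x04) !== 0,   // flags byte follows the 32-byte rpIdHash
    accepted: acceptedFormats.includes(att.fmt),
  };
}
// Constructed sample: zeroed rpIdHash, flags UP|UV|AT, authData cut after its 37-byte header.
function sampleAttestation(fmt) {
  const text = s => Buffer.concat([Buffer.from([0x60 + s.length]), Buffer.from(s)]);
  const authData = Buffer.concat([Buffer.alloc(32), Buffer.from([0x45, 0, 0, 0, 0])]);
  return Buffer.concat([Buffer.from([0xa3]), text("fmt"), text(fmt), text("attStmt"),
    Buffer.from([0xa0]), text("authData"), Buffer.from([0x58, authData.length]), authData]);
}
```

Logging the `fmt` value per registration, alongside the browser's user agent, makes a "none" result from a platform authenticator show up in server records rather than only in manual testing.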