- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Sat, 01 May 2021 01:59:49 +0000
- To: public-webauthn@w3.org
> It is constructed on top the [`hmac-secret` CTAP extension](https://fidoalliance.org/specs/fido-v2.1-rd-20210309/#sctn-hmac-secret-extension), yes, but that doesn't mean it's a message authentication algorithm. `hmac-secret` "is used by the platform to retrieve a symmetric secret from the authenticator", and the PRF extension in turn uses that to construct pseudo-random functions on top of it. See also for example [HKDF](https://tools.ietf.org/html/rfc5869), which similarly constructs a key derivation/expansion algorithm on top of HMAC. Cool, so as discussed on the other thread, this would need to be renamed to "Key Derivation Function" then :) Regardless, I think we should consider an extension for allowing data signatures to be produced at this point since I think that's what's required here. -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-830488127 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 1 May 2021 01:59:55 UTC