Re: [webauthn] DPK attestation may create possible side channel attack on the batch key. (#1701)

on 23-Feb-2022 call:
@agl: options 1 or 2 are ok.
@ve7jtb: maybe do option 2 and leave it to authnr to add a nonce if the signature alg being used is not properly side-channel resistant.
@agl: also authnr can select nonce length (?)
@ve7jtb: maybe make length max 32 bytes, could be less?
@agl: if rp gets same sig, then ok, if not same, then need to do verify
@ve7jtb: tho with non-det ecdsa, will need to do verify each time even if nonce not included

@agl: current design: authnr stores dpk attstn sig and replays it (when there's no nonce). adding nonce fine. RPs will need to validate sigs.

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1701#issuecomment-1049214445 using your GitHub account



Received on Wednesday, 23 February 2022 21:04:21 UTC