- From: Thomas Duboucher via GitHub <sysbot+gh@w3.org>
- Date: Tue, 19 Jul 2022 09:09:17 +0000
- To: public-webauthn@w3.org
> Can you provide me with a reference for a specification that doesn't allow wrapped keys?
>
> I know of implementations where Discoverable keys are wrapped by the SE and stored on external unsecured flash.
>
> This should perhaps be taken up with the FIDO SPWG as a certification issue. I don't think a simple flag without certification can solve this, if wrapping is not allowed for some reason.
>
> I haven't seen this with NIST AAL3 or FIPS 140.
>
> This would potentially cause fragmentation if exposed to the RP, so we need to understand the use case.
>
> At the moment there are almost no authenticators certified above FIDO L1 software storage, and only a handful FIPS or CC certified.
>
> Yubico's first FIPS 140-2 general 2 physical 3 authenticator, the YK4 FIPS, was U2F (wrapped) only and is used at AAL3.
>
> Wrapping done properly in a certified device is no less secure than keeping the keys on the secure element. True, someone could do a crap job of wrapping, but a weak random number generator is probably a much larger concern. All of that should be covered in certification.

To complement @ve7jtb's answer, the current Protection Profile for FIDO devices (and possibly future ones 😉) requires the key _not_ to be wrapped, see BSI-PP-CC-0096-V3-2018.

The fact that the key is hardware bound in a Secure Element is a property of any L3/L3+ (EAL4+, AVA_VAN.5) FIDO device.

All in all, this is covered by the certification, and is the reason why we have device attestation in the first place.

--
GitHub Notification of comment by serianox
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1761#issuecomment-1188798778 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 19 July 2022 09:09:19 UTC
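The thread above contrasts keys that live only inside the secure element with "wrapped" credentials, where the SE keeps a single master secret and everything stored on external flash (or handed to the RP as a credential ID) is a handle that only that SE can turn back into a private key. The following is an added illustration of that wrapped-credential design, written for this page and not taken from the thread, the WebAuthn spec, or any vendor's firmware. The handle layout (32-byte nonce followed by a 32-byte HMAC-SHA256 tag), the use of HMAC-SHA256 as the derivation function, and the reduction of the derived value into a P-256-sized scalar are assumptions chosen for illustration; a real authenticator would also perform the ECDSA signature inside the SE, which is omitted here. The point the example makes is the one ve7jtb makes in prose: a handle on unsecured flash reveals nothing without the master secret, and a handle forged or tampered with, or presented for the wrong RP, is rejected before any key material is derived.

```python
"""Illustrative wrapped-credential scheme for a hardware authenticator.

Added example, not code from the WebAuthn thread or from any vendor.
The per-credential private scalar is never stored; it is re-derived
inside the SecureElement from the master secret, the RP identifier and
a random nonce carried in the handle. Layout and primitives are assumed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

NONCE_LEN = 32
TAG_LEN = 32
# Order of the P-256 group; derived scalars are reduced into [1, n-1].
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


class SecureElement:
    """Stand-in for the SE: holds the device master secret and never exports it."""

    def __init__(self, master_secret: bytes) -> None:
        if len(master_secret) < 32:
            raise ValueError("master secret must be at least 32 bytes")
        self._master = master_secret

    def _derive_scalar(self, rp_id: bytes, nonce: bytes) -> int:
        # Private scalar = HMAC(master, rp_id || nonce), reduced into the group.
        raw = hmac.new(self._master, rp_id + nonce, hashlib.sha256).digest()
        return int.from_bytes(raw, "big") % (P256_ORDER - 1) + 1

    def _tag(self, rp_id: bytes, nonce: bytes, scalar: int) -> bytes:
        # Integrity tag binds the handle to this device, this RP and this key.
        msg = rp_id + nonce + scalar.to_bytes(32, "big")
        return hmac.new(self._master, msg, hashlib.sha256).digest()

    def make_credential(self, rp_id: bytes) -> bytes:
        """Return the wrapped handle; the scalar itself is not retained anywhere."""
        nonce = secrets.token_bytes(NONCE_LEN)
        scalar = self._derive_scalar(rp_id, nonce)
        return nonce + self._tag(rp_id, nonce, scalar)

    def unwrap(self, rp_id: bytes, handle: bytes) -> Optional[int]:
        """Recover the private scalar inside the SE, or None if the handle is not ours."""
        if len(handle) != NONCE_LEN + TAG_LEN:
            return None
        nonce, tag = handle[:NONCE_LEN], handle[NONCE_LEN:]
        scalar = self._derive_scalar(rp_id, nonce)
        # Constant-time compare: a bad tag means wrong device, wrong RP or tampering.
        if not hmac.compare_digest(tag, self._tag(rp_id, nonce, scalar)):
            return None
        return scalar


def demo() -> Dict[str, bool]:
    """Walk through the storage model: only handles leave the SE."""
    rp = b"example.com"
    se = SecureElement(bytes.fromhex("00" * 31 + "01"))  # constructed master secret
    external_flash: Dict[bytes, bytes] = {}  # unsecured storage: holds handles only

    handle = se.make_credential(rp)
    external_flash[rp] = handle

    # Same device, same RP: the scalar is recovered deterministically.
    k1 = se.unwrap(rp, external_flash[rp])
    k2 = se.unwrap(rp, external_flash[rp])

    # A different device with a different master secret cannot use the handle.
    other = SecureElement(bytes.fromhex("00" * 31 + "02"))
    stolen = other.unwrap(rp, handle)

    # Presenting the handle for another RP, or flipping one bit of it, fails.
    wrong_rp = se.unwrap(b"attacker.example", handle)
    tampered = se.unwrap(rp, bytes([handle[0] ^ 0x01]) + handle[1:])

    return {
        "recovered_consistently": k1 is not None and k1 == k2,
        "other_device_rejected": stolen is None,
        "wrong_rp_rejected": wrong_rp is None,
        "tampered_handle_rejected": tampered is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The design choice worth noticing is that the handle carries no ciphertext at all: the key is re-derived rather than decrypted, so the only secret the SE must protect is the master secret, and the RNG used for the nonce is, as ve7jtb notes, the component whose weakness would matter most.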