- From: Gary Marriott via GitHub <sysbot+gh@w3.org>
- Date: Sat, 30 Jul 2022 18:44:35 +0000
- To: public-webauthn@w3.org
If I may, I have quite a familiarity with SQRL & a little less so with Webauthn & Fido2-UAF. As far a a complete integration where by a SQRL V1.0 client can talk to a WebAuthn back end, it would need some significant additions to the spec to accommodate this protocol as an authenticator & there are some deficits with SQRL V1.0 in the realm of asserting TLS E2E authenticity that may not be advantageous. Thus a few backward compatible upgrades so the SQRL spec would be required. That said, there are some aspects of SQRL in the Realm of Site Specific Key generation & lifetime identity management (as described in your citations) that are vastly superior to the current non-scaling way that FIDO2 manages keys that I think would be advantageous to add as an option. In that space then, possibly having a WebAuth compostable authenticator app or token that uses the core SQRL mode of forward-only deterministic key generation & management would be something worth working on as an alternative to trying to shift WebAuthn at this stage. -- GitHub Notification of comment by ramriot Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1786#issuecomment-1200275247 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 30 July 2022 18:44:37 UTC