Re: [webauthn] Add importCryptoKey input to PRF extension (#1945) from Emil Lundberg via GitHub on 2023-10-04 (public-webauthn@w3.org from October 2023)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Oct 2023 14:07:30 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1746954092-1696428448-sysbot+gh@w3.org>

On the other hand one could argue that this still misses the mark - it's still the client handling the private keys, so they are still not hardware-bound. Perhaps we should instead do this with a new extension that enables actually hardware-bound private keys.

But again in favour of doing this in PRF: this would be compatible with existing authenticators that support the CTAP2 `hmac-secret` extension; a new extension would not be compatible with existing authenticators.


-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1945#issuecomment-1746954092 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 4 October 2023 14:07:32 UTC