Re: [webauthn] devicePubKey → supplementalPubKeys (#1957)

I understand the use-case now. 

I have some thoughts on solving this another way though. Maybe this doesn't belong as a discussion on this PR. We can move this discussion elsewhere.

The central problem here is that "multi-device credentials do not have attestation because they're not device-bound". 
I'm curious if it can be solved without touching the spec and moving the whole extra key business to the sync fabric of the passkey provider.

I think device-bound keys are compatible with moving between secure elements. HSMs and TPMs have supported this use case for ages using key-wrapping.

For example:

1. User creates a passkey on HooliPhone A and stores it in the secure element.
2. User buys a HooliPad B and logs into it with their Hooli account. The user needs to confirm the sign-in with their HooliPhone A. HooliPad B generates an asymmetric key-wrapping key and uploads the public part to Hooli servers.
3. HooliPhone A downloads HooliPad B's key-wrapping key and encrypts the user's passkeys with it.
4. HooliPad B downloads the key-wrapped passkeys that HooliPhone A uploaded and unwraps them in the secure element. Because the key-wrapping key's private key never leaves HooliPad B's secure element, we're sure that the passkey never ends up unencrypted on Hooli's servers and is only present on the user's devices' secure elements.
5. The passkey is now in the HooliPad's secure element.
6. We can attest that the passkey is on the HooliPad using an assertion-time attestation.

The key-wrapping and unwrapping is part of the sync fabric between Hooli devices and Hooli servers. The RP doesn't have to care. It also has the added benefit that we cryptographically know that Hooli cannot access the passkeys in unencrypted form.

The reason I want to move this logic into the passkey sync fabric is to keep implementation for RPs easy. If we drop the notion of "multi-device credentials aren't device-bound", I think this simplifies things for RPs.




-- 
GitHub Notification of comment by arianvp
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1957#issuecomment-1708584452 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 6 September 2023 15:17:39 UTC
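
The wrap and unwrap exchange from steps 2 to 4 of the message above, as an added example that is not part of the original comment or of any passkey provider's code. It assumes ECDH on P-256 with HKDF and AES-256-GCM as the wrapping scheme (the comment names none), uses software keys in Node.js to stand in for keys that would live inside each secure element, and all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: P-256 for both the passkey and the key-wrapping key.
const newP256 = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Derive an AES-256-GCM key from an ECDH shared secret with HKDF-SHA256.
function deriveKey(privateKey, publicKey) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'passkey-wrap-demo', 32));
}

// Step 3 (device A): wrap the passkey private key for B's uploaded wrapping public key.
function wrapPasskey(passkeyPrivateKey, wrapPubSpki) {
  const recipient = crypto.createPublicKey({ key: wrapPubSpki, format: 'der', type: 'spki' });
  const eph = newP256(); // ephemeral sender key, used for this one wrap only
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipient), iv);
  const pkcs8 = passkeyPrivateKey.export({ format: 'der', type: 'pkcs8' });
  const ct = Buffer.concat([cipher.update(pkcs8), cipher.final()]);
  return { ephPub: eph.publicKey.export({ format: 'der', type: 'spki' }), iv, ct, tag: cipher.getAuthTag() };
}

// Step 4 (device B): unwrap with the wrapping private key that never left B.
function unwrapPasskey(blob, wrapPrivateKey) {
  const ephPub = crypto.createPublicKey({ key: blob.ephPub, format: 'der', type: 'spki' });
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(wrapPrivateKey, ephPub), blob.iv);
  decipher.setAuthTag(blob.tag);
  const pkcs8 = Buffer.concat([decipher.update(blob.ct), decipher.final()]); // throws on a bad tag
  return crypto.createPrivateKey({ key: pkcs8, format: 'der', type: 'pkcs8' });
}

function demo() {
  const passkey = newP256(); // step 1: passkey created on device A
  const wrapKey = newP256(); // step 2: device B's key-wrapping key pair
  const uploadedPub = wrapKey.publicKey.export({ format: 'der', type: 'spki' });
  const blob = wrapPasskey(passkey.privateKey, uploadedPub); // all the sync server stores
  const onB = unwrapPasskey(blob, wrapKey.privateKey);
  // Device B signs a constructed challenge; the RP verifies with the unchanged public key.
  const challenge = crypto.randomBytes(32);
  const sig = crypto.sign('sha256', challenge, onB);
  const rpAccepts = crypto.verify('sha256', challenge, passkey.publicKey, sig);
  // A holder of the blob without B's private key fails the GCM tag check.
  let serverCanUnwrap = true;
  try { unwrapPasskey(blob, newP256().privateKey); } catch { serverCanUnwrap = false; }
  return { rpAccepts, serverCanUnwrap };
}
```

The sketch takes the uploaded wrapping public key at face value; in the flow above, binding that key to the new device is what the confirmation on HooliPhone A in step 2 is for.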