- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Wed, 06 Sep 2023 20:46:15 +0000
- To: public-webauthn@w3.org
Summary of discussion on 2023-09-06 WG call: There needs to be a point to doing this, and the unique value proposition we can offer here is that the platform can guarantee that keys imported this way are truly unextractable. The most promising use case we imagine is asymmetric encryption: using PRF to derive a truly unextractable private key which can be used for encryption (i.e., RSA) or to derive symmetric encryption keys (i.e., ECDH). Even though any derived or wrapped keys will be extractable, the encryption use case mitigates that issue since the keys will be present only when the cleartext is also, and the unextractable asymmetric key allows for rotating the symmetric keys at frequent intervals to further mitigate the impact of a leaked symmetric key. As such, the #1946 alternative of hard-coding this to import an HKDF key would be rather pointless, since any keys derived from that would be extractable without enabling the use cases enabled by an asymmetric key. We will instead move this design further toward having the client do more in its controlled environment to enable truly unexportable asymmetric keys. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1945#issuecomment-1709092953 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 6 September 2023 20:46:17 UTC