Open AlfioEmanueleFresta opened 2 years ago
Is this what Passkeys actually work with when delegating with a QR code to a mobile phone?
FYI: https://github.com/kanidm/webauthn-rs/pull/232 now has a basic implementation in Rust, which was built from reading Chromium's source code. I wrote lots of notes in there, which should aid someone else writing an implementation of the protocol, including Chromium's many quirks.
It doesn't implement all the protocol features yet (like pairing, which only works on Android), but basic registration and attestation work, and it can also simulate an authenticator.
FYI, the caBLE 2.1/hybrid transport spec has been published in the CTAP 2.2 review draft: https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-hybrid
Kudos on the reverse engineering @micolous!
Thanks for sharing this @iinuwa. I saw the draft and started implementing this a few months ago under the cable branch. I got advertisements working on iOS, and part of the handshake but more work is needed for the tunnel.
If anyone is interested in collaborating on this, don't hesitate to reach out.
I got a dummy caBLE client through the handshake part but didn't do any of the tunnel interactions yet, so we're about at the same place. What do you have left with the handshake?
On Sat, 27 Jan 2024 at 09:52, Isaiah Inuwa @.***> wrote:
> FYI, the caBLE 2.1/hybrid transport spec has been published in the CTAP 2.2 review draft: https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-hybrid
My read of the specs after they were published was there are gaps, there are things in the spec which are missing from Chromium, and then there is plain nonsense which has no place in the spec. Unfortunately, FIDO do not accept feedback from non-members, and I don’t feel like writing a cheque to be able to give feedback. :)
I reached out privately at the time proposing we could change how Credential Portal should work: that it could adopt webauthn-authenticator-rs.
The main blocker was there were usability issues with webauthn-authenticator-rs which needed to be sorted out first. Things have improved since, but are not 100%, but the main way it’d get sorted is by trying.
Even still, my 5¢ is that integrating that is a better use of anyone's time rather than rewriting cable support from scratch. :)
(Written on phone - please excuse typos)
> Unfortunately, FIDO do not accept feedback from non-members
That's not exactly true. Please send me any feedback you may have and I will circulate it. timcappalli@cloudauth.dev