Privacy topic: manage key slots through web app or native application only?

[tomholub]

For the record, our usecase @FlowCrypt in particular is a chrome/firefox extension

[szszszsz]

@onlykey I saw you have made a successful attempt in communicating over U2F with the device in your solution at:

• https://github.com/trustcrypto/OnlyKey-BrowserCrypt

In a brief look I have noticed, that you have used a bridge service (through https://apps.crp.to/OnlyKey-Connector/). Would that mean, that direct FIDO U2F communication is not possible?

I wonder what's the case now with the Webauthn API.

[onlykey]

@szszszsz Right, there was not a way that we could find to do direct FIDO U2F in a Chrome Extension. The method the PoC extension BrowserCrypt used is not ideal, opening a iframe to do the FIDO U2F and passing messages back to the extension. Maybe with FIDO2 it would be possible.