Open wizzard0 opened 1 year ago
@wizzard0 I think that selection UI may violate the PDDB "zero knowledge across bases" aspect of the Precursor. If you are worried about a specific identity being seen/selected you need to unmount that basis and mount the correct one before accessing the site.
@spoelstraethan No, I don't think so
1) right now there's no way to dismount the fido identity basis, as it always uses the System one, IIUC
2) same as you pick a password to autotype right now -- across what's available across all mounted pddbs, instead of trying to bruteforce them all - you would pick an identity to authenticate
Hmm, it may depend if you are talking U2F or FIDO or FIDO2, because when I don't have a secret basis (or bases) mounted their entries don't show up on the FIDO page. I haven't tested whether I can authenticate with an identity that lives in a basis without mounting it but I should try that.
That does sort of make sense that it could not present the U2F USB HID interface until you've selected the identity that you want to use with the website, basically "plugging in" the U2F only when you have presented a FIDO2 entry, not sure how that plays with the CTAP 2.1 behavior where sites may expect it to brute force, but it would avoid enumeration attacks or the limitation that some sites have of only trying like six entries before timing out and failing.
(0.9.13) Allow to select which virtual FIDO key to use
Use cases:
Currently, as per the discussion from chat:
bunnie> the identity key is set up in the system basis, so it's always there no matter what secret basis is open
gsora> having your own attestation key makes your specific device stand out from the crowd gsora> citing the spec: Every U2F device has a shared 'Attestation' key pair which is present on it - this key is shared across a large number of U2F device units made by the same vendor (this is to prevent individual identifiability of the U2F device). Every public key output by the U2F device during the registration step is signed with the attestation private key.
Proposed UX: wizzard0> I see. I want a per-credential
device private key
then. Something like "select a virtual token to use
" if it has to be chosen before the protocol starts and the website doesn't send any tokens/hashes first which could be used to detect which cred to use (which cred they are related to)