dicekeys / seeding-webauthn

A spec for deriving FIDO key pairs from a seed

Do you approve not including PIN in this spec? #5

Closed UppaJung closed 4 years ago

UppaJung commented 4 years ago
nickray commented 4 years ago

Yes, the PIN has nothing to do with the credential; it only identifies the user to the authenticator and, most importantly, can be changed or potentially removed (this is not in the spec, but also not forbidden) by the user.

The PIN typically isn't even available in unhashed form.

What I was getting at was whether to have two different keys depending on whether the PIN was entered or not (which Microsoft does for hmac-secret). But I think we should not.

UppaJung commented 4 years ago

I agree we should not. Closing!