Closed nuno0529 closed 7 months ago
Updated assignees: removed Yuriy Ackermann, assigned @iirachek
I think this issue and #600 are duplicates of each other.
This may be resolved with changes introduced in the 1.17.18 version.
Since the intent of the P-11 test no longer aligns with the specification, this particular test is disabled for CTAP 2.1. In its place a P-15 is introduced which follows the same scenario, but utilizes a different command, exclusive to CTAP 2.1.
By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.
If you have privacy concerns, please email conformance-tools@fidoalliance.org
FIRST PRE CHECK
What protocol are you implementing?
NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.
What is your implementation class?
If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org
What is the version of the tool are you using?
1.6.34
What is the OS and the version are you running?
For desktop tools
For UAF mobile tools
Issue description
This P-11 test item
it expects all authenticator need to wait for user presence before returning CTAP2_ERR_NO_CREDENTIALS(0x2E), but latest ctap2.1 spec doesn't say that and this was an old ctap2.0 behavior in early version. And I think spec allow both kinds of behavior, below is the part of latest ctap2.1 spec that CTAP2_ERR_NO_CREDENTIALS(0x2E) need to be returned earlier than UP check. https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#:~:text=if%20the%20applicable%20credentials%20list%20is%20empty%2C%20return%20ctap2_err_no_credentials