Ext: CredProtect - CTAP2.0 Authenticator

[JisungPark0122]

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

• [x] I SOLEMNLY SWEAR THAT I HAVE SEARCHED DOCUMENTATION AND WAS NOT ABLE TO RESOLVE MY ISSUE

What protocol are you implementing?

• [ ] FIDO2 Server
• [x] CTAP2.0
• [ ] CTAP2.1
• [ ] UAF 1.1
• [ ] U2F 1.1
• [ ] U2F 1.2

NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.

What is your implementation class?

• [x] Security Key / FIDO2 / U2F authenticators
• [ ] Server
• [ ] UAF Client-ASM-Authenticator combo
• [ ] UAF Client
• [ ] UAF ASM-Authenticator

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What is the version of the tool are you using?

v1.7.19

What is the OS and the version are you running?

For desktop tools

• [ ] OSX
• [x] Windows
• [ ] Linux

For UAF mobile tools

• [ ] iOS
• [ ] Android

Issue description

This extension is not required in CTAP2.0 specification. Please check

[iirachek]

CredProtect is required by the security requirements to the FIDO authenticators.

See section 3.4 Privacy, requirement 4.6:

The Authenticator shall implement the CredProtect extension.

[JisungPark0122]

Hi @iirachek Thank for your reply.

As my test result, It'll be failed if "credProtect" extension set to userVerificationOptionalWithCredentialIDList(0x02) or userVerificationRequired(0x03).

How do I implement "credProtect" extension in CTAP2.0 authenticator?