Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add required key protection to AuthenticatorSelectionCriteria #446

Closed
gmandyam opened this issue May 4, 2017 · 5 comments
Closed

Add required key protection to AuthenticatorSelectionCriteria #446

gmandyam opened this issue May 4, 2017 · 5 comments
Labels
subtype:algorithms/WebIDL subtype:attestation subtype:AuthnrSelection type:technical
Milestone
L2-WD-01

Comments

@gmandyam
Copy link

gmandyam commented May 4, 2017

Regarding https://w3c.github.io/webauthn/#authenticatorSelection, add criterion for required key protection.

Suggestion is to define
enum KeyProtection {
"SW",
"HW",
"TEE",
"SE"}

If requireResidentKey=false, then this criterion will be ignored. If requireResidentKey=true, then the UA will raise exception if the key protection level does not meet level specified.
@jyasskin
Copy link
Member

jyasskin commented May 4, 2017

For the web, we'll probably want to spell out the acronyms. What do they stand for?

I suspect these are still relevant for requireResidentKey==false: they'd describe how the encrypt-to-self key is protected.

@gmandyam
Copy link
Author

gmandyam commented May 5, 2017

@jyasskin

"SW" = software protection, "HW" = hardware protection, "TEE" = trusted execution environment, "SE" = secure element

@rlin1
Copy link
Contributor

rlin1 commented May 5, 2017
edited
Loading

I suggest adding such changes to branch authnr-sel-addtl-fields and the related PR #442

rlin1 added a commit that referenced this issue May 5, 2017
@rlin1
added keyProtection to AuthenticatorSelectionCriteria. See #446
3edde5a
@rlin1 rlin1 mentioned this issue May 5, 2017
Closed
@equalsJeffH equalsJeffH added this to the CR milestone May 8, 2017
@jyasskin jyasskin mentioned this issue May 11, 2017
Closed
@rlin1
Copy link
Contributor

rlin1 commented May 29, 2017

See branch authnr-sel-keyprotection

@rlin1 rlin1 mentioned this issue May 29, 2017
Closed
@nadalin nadalin modified the milestones: L2-WD-00, CR Sep 7, 2017
@akshayku akshayku mentioned this issue Dec 21, 2017
Closed
@nadalin
Copy link
Contributor

nadalin commented Feb 20, 2019

Closing for now as there is no interest

@nadalin nadalin closed this as completed Feb 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
subtype:algorithms/WebIDL subtype:attestation subtype:AuthnrSelection type:technical
Projects
None yet
Milestone
L2-WD-01
Development

No branches or pull requests
5 participants
@jyasskin @equalsJeffH @rlin1 @gmandyam @nadalin