![]() ![]() > What would they even attest to, given that the credential is effectively not bound to any secure hardware? I think attestation is harmful and should never have been part of the spec. ![]() ) but I would be very happy to be proven wrong about that. My understanding is that iOS does still very much support attestation (. I'd love some kind of reference for this. We still need buy-in from the FIDO alliance itself that importing/exporting keys is an important part in general of being a passkey provider.Īnd we still need to see how the attestation situation is going to play out ( see note above) and whether there are going to be any consequences at all for sites that just try to block anything except mainstream devices ( see note above, the consequence would be losing iPhone users). It absolutely does, it's just only a first step. That's not to say that an Open implementation of a platform authenticator doesn't matter. It'll still be a situation where if a family member loses their iPhone and they haven't synced keys to other devices already, their only solution is to buy another iPhone like a good little consumer. This is still going to be a situation where if you export your keys from KeePassXC, you won't be able to import them into anywhere. To where? This is still going to be a situation where a family member tells me they're interested in switching to Android and I have to tell them that they'll have to one-by-one transfer their login information. Okay, let's say you can export and import from KeePassXC. That last point is possibly the biggest problem, and it's part of why I've been pushing that this needs to be part of the spec. Compatibility with other platform authenticators. Support for platform authenticators on Linux for Firefox and Chrome (Chrome currently has "no plans" to support this). So assuming it is true (which it looks to be) this shouldn't be an issue.) Extremely big deal because nobody is going to want to cut off Apple keys, which effectively means those services can't require attestation. ( Edit: it's been pointed out below that Apple is getting rid of attestation for its platform authenticators, and as far as I can tell that's true. Guaranteess that attestation won't be used to block KeePassXC from being used as an authenticator. It's a huge first step, but only a first step. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |