-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Usability Issue: Server Challenge timeout #25
Comments
Original poster: rlin1, on: Monday Oct 19, 2015 at 15:00 GMT Proposal: We SHOULD specify that the authenticator SHALL re-use the old key if accountInfo is identical to an existing credential on a makeCredential call. |
Original poster: rlin1, on: Monday Oct 19, 2015 at 15:20 GMT Comment from Dirk (via email): So, as an RP, I would call: window.fido.makeCredential({ ...to create a credential, and if I really wanted multiple credentials for the same account (for different purposes), I could do something like: window.fido.makeCredential({ etc. I think that might work. |
Original poster: rlin1, on: Monday Oct 19, 2015 at 15:24 GMT Comment from Arshad (via Email): In the world of digital certificates, it is possible to have multiple digital certificates for the same user on the same smartcard accessing a single application; if its a non-issue with key-pairs wrapped by a certificate, why is it an issue with a key-pair identified by a unique keyid? Am I missing something? |
Original poster: rlin1, on: Monday Oct 19, 2015 at 15:24 GMT Comment from Arnar (via email):
Now there are two key pairs on the phone for foo.com and the same account - but the server only knows one public key. If the phone happens to pick the wrong key for signing, login fails. We think a delete API is a fragile solution to this problem, and that one-keypair-per-account-identifier is a better one. |
Original poster: rlin1, on: Monday Oct 19, 2015 at 15:25 GMT Comment from Arshad (via email): Why not allow the user to deactivate the public key as part of the account recovery flow, so they have the option to activate it again if they find their phone/token again? This will then eliminate the need to have a hard-rule that a user may only have one key-pair registered to an RP-site on a token. I imagine the firmware for the authenticator will be a little simpler without that rule. The user can always be given the option to delete the key when they've authenticated with the authenticator, thus ensuring that the key is deleted on the server and the authenticator in the transaction. |
Original poster: rlin1, on: Monday Oct 19, 2015 at 16:42 GMT Using this approach for multiple purposes (see Dirk's comment above) also leads to the issue #155, i.e. The user will have to delete the credential twice (i.e. first in the App itself since this is default place to start and then in the device's proprietary credential manager - if it exists). |
Revised Proposal: |
Authenticator model will be changed to say that a caller should not expect to be able to have more than one credential on a single authenticator for the same AccountInfo value. |
Originally submitted by: rlin1, on: Monday Oct 19, 2015 at 15:00 GMT
Scenario:
The text was updated successfully, but these errors were encountered: