Hi Jan-Frederik

Thanks for the draft. Question:

Is the intent that the FDO authentication happen each and every time, or
just during ownership transfer?

Thanks,
eliot
On 24.10.2023 00:38, Jan-Frederik Rieckers wrote:
Hi emu folks,

as already teased at the last IETF, we finally have a first I-D ready
for EAP-FIDO.[1]

The basic idea:
Password-based network authentication is not really state-of-the-art
any more and, due to failure to verify the server certificate,
sometimes even completely broken.
Almost every device nowadays has a TPM chip or something similar, that
is able to speak FIDO, either with the help of the OS or generically.
So, why not use FIDO to log in to networks?

There is a proof-of-concept implementation (not compatible with the
spec in the draft yet, just to show that "It works™") that was used to
perform an eduroam login at a conference with an EAP-FIDO key.

We will hold a side-meeting on Monday evening, 18:00 in Room Karlin 4,
to discuss some of the open design questions and to gather feedback on
what else may be needed in the specification.
We have also requested a time slot at the emu session on Tuesday, to
shortly present the work.

Any feedback is welcome.

Cheers
Janfred
[1]: https://datatracker.ietf.org/doc/draft-janfred-eap-fido/
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu