On 24.10.23 09:12, Eliot Lear wrote:
> Thanks for the draft. Question:
> Is the intent that the FDO authentication happen each and every time, or just during ownership transfer?

The intent is to do a FIDO authentication every time (maybe with the exception of TLS session resumption; text for that is still TODO).
But with CTAP v2 you can trigger silent authentication, so the user does not need to touch their FIDO token every time they need to re-authenticate; the token just needs to be available (which is more complex with hardware tokens like YubiKeys, but very easy with OS-backed FIDO implementations).

Cheers,
Janfred

--
Mr. Jan-Frederik Rieckers
Security, Trust & Identity Services
E-Mail: rieck...@dfn.de | Phone: +49 30884299-339 | Fax: +49 30884299-370
Pronouns: he/him

DFN - Deutsches Forschungsnetz | German National Research and Education Network
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1 | 10178 Berlin
www.dfn.de
Board: Prof. Dr. Odej Kao (Chair) | Dr. Rainer Bockholt | Christian Zens
Management: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729B | USt.-ID. DE 1366/23822
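
The silent authentication mentioned in the reply is visible to the verifying server: a CTAP2 assertion requested without user presence carries authenticator data whose UP flag (bit 0 of the flags byte) is clear. The following is an added example, not part of the original message or of the draft under discussion; it parses the fixed 37-byte authenticator data header and applies a presence policy. The function names, the `require_presence` switch and the RP ID `eap.example.org` are assumptions made for illustration, and verification of the assertion signature is assumed to happen separately.

```python
import hashlib
import struct
from dataclasses import dataclass

FLAG_UP = 0x01  # bit 0: user present (token was touched or user confirmed)
FLAG_UV = 0x04  # bit 2: user verified (PIN or biometric)

@dataclass
class AuthData:
    rp_id_hash: bytes
    user_present: bool
    user_verified: bool
    sign_count: int

def parse_auth_data(raw: bytes) -> AuthData:
    """Parse rpIdHash (32 bytes) || flags (1 byte) || signCount (4 bytes, big-endian)."""
    if len(raw) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    flags, count = struct.unpack(">BI", raw[32:37])
    return AuthData(raw[:32], bool(flags & FLAG_UP), bool(flags & FLAG_UV), count)

def classify(raw: bytes, rp_id: str, last_count: int, require_presence: bool) -> str:
    """Hypothetical server-side policy check, run after the signature has been verified."""
    ad = parse_auth_data(raw)
    if ad.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return "reject: rpId mismatch"
    # If either counter is non-zero, the received value must be strictly greater.
    if (ad.sign_count or last_count) and ad.sign_count <= last_count:
        return "reject: signature counter did not increase"
    if not ad.user_present:
        return "reject: presence required" if require_presence else "accept: silent"
    return "accept: user present"

def make_auth_data(rp_id: str, flags: int, count: int) -> bytes:
    """Build constructed sample authenticator data for the checks below."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, count)

if __name__ == "__main__":
    rp = "eap.example.org"  # constructed RP ID
    silent = make_auth_data(rp, 0x00, 6)                  # re-authentication without touch
    touched = make_auth_data(rp, FLAG_UP | FLAG_UV, 7)    # interactive authentication
    print(classify(silent, rp, 5, require_presence=False))
    print(classify(silent, rp, 5, require_presence=True))
    print(classify(touched, rp, 6, require_presence=True))
```
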