Hi Alan,

> Deriving the challenge from the TLS keying materials is because of
> cryptographic binding issues:
>
> https://datatracker.ietf.org/doc/html/rfc5281#section-14.1.11
>
> Which refers to an out-dated link. The updated one is
> https://asokan.org/asokan/research/tunnel_extab_final.pdf
>
> See section 3 of that document for details.

Thanks for sharing the new URL. I will check it out.

> Perhaps one option would be to allow the challenge to be created by the
> FIDO2 server, but add an exchange specific to the EAP-FIDO protocol, which
> would do the cryptographic binding. That exchange could stay inside of
> EAP-FIDO, and wouldn't have to affect any FIDO exchanges.

Thank you for this suggestion. I was also thinking that it would be helpful if a similar approach could be implemented.

Best regards,
--
Yukiko MINAMIE

_______________________________________________
Emu mailing list -- emu@ietf.org
To unsubscribe send an email to emu-le...@ietf.org
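The binding problem the quoted message points at (section 3 of the Asokan et al. paper: an attacker who terminates the client's TLS tunnel and opens a second tunnel to the real server can relay an inner authentication that is not tied to either tunnel) can be shown with a small simulation. The following is an added example, not code from this thread, from EAP-FIDO or from any FIDO implementation. It uses HMAC-SHA256 as a stand-in for both the TLS keying material exporter and the FIDO assertion signature, and the exporter label `EXPORTER-EAP-FIDO-CHALLENGE-EXAMPLE` and RP ID `eap.example.net` are made up for the illustration.

```python
import hashlib
import hmac
import os

# Hypothetical exporter label; nothing in the thread defines one.
CHALLENGE_LABEL = b"EXPORTER-EAP-FIDO-CHALLENGE-EXAMPLE"
RP_ID = "eap.example.net"  # constructed relying-party identifier


def tls_exporter(master_secret: bytes, label: bytes, length: int = 32) -> bytes:
    """Stand-in for the TLS exporter (RFC 5705 / RFC 8446 section 7.5).

    The real exporter is HKDF-based; a single HMAC keyed by the tunnel's
    master secret is enough to reproduce the property that matters here:
    two different tunnels never yield the same exported value.
    """
    return hmac.new(master_secret, label, hashlib.sha256).digest()[:length]


def bound_challenge(master_secret: bytes) -> bytes:
    """Challenge derived from the tunnel's keying material, as in RFC 5281."""
    return tls_exporter(master_secret, CHALLENGE_LABEL)


def authenticator_assert(credential_key: bytes, rp_id: str, challenge: bytes) -> bytes:
    """Stand-in for a FIDO2 assertion.

    A real authenticator signs authenticatorData || SHA-256(clientDataJSON)
    with the credential's private key; a keyed MAC over the RP ID and the
    challenge hash is used so the example runs with the standard library only.
    """
    message = rp_id.encode() + hashlib.sha256(challenge).digest()
    return hmac.new(credential_key, message, hashlib.sha256).digest()


def server_verify(credential_key: bytes, rp_id: str,
                  expected_challenge: bytes, assertion: bytes) -> bool:
    """The server recomputes what it expects and compares in constant time."""
    expected = authenticator_assert(credential_key, rp_id, expected_challenge)
    return hmac.compare_digest(expected, assertion)


def direct_session(credential_key: bytes) -> bool:
    """Honest case: one tunnel, both ends hold the same master secret."""
    tunnel = os.urandom(32)
    assertion = authenticator_assert(credential_key, RP_ID, bound_challenge(tunnel))
    return server_verify(credential_key, RP_ID, bound_challenge(tunnel), assertion)


def mitm_with_bound_challenge(credential_key: bytes) -> bool:
    """Attacker terminates the client's tunnel and opens its own to the server.

    The client derives the challenge from the inner tunnel, the server from
    the outer one, so the relayed assertion covers the wrong challenge.
    """
    inner = os.urandom(32)  # client <-> attacker tunnel secret
    outer = os.urandom(32)  # attacker <-> server tunnel secret
    assertion = authenticator_assert(credential_key, RP_ID, bound_challenge(inner))
    # The attacker forwards the assertion unchanged into its own tunnel.
    return server_verify(credential_key, RP_ID, bound_challenge(outer), assertion)


def mitm_with_server_random_challenge(credential_key: bytes) -> bool:
    """Same attacker, but the challenge is an unbound server nonce.

    The attacker relays the nonce through both tunnels, the client signs it,
    and the server accepts: nothing in the assertion identifies the tunnel.
    """
    challenge = os.urandom(32)
    assertion = authenticator_assert(credential_key, RP_ID, challenge)
    return server_verify(credential_key, RP_ID, challenge, assertion)


if __name__ == "__main__":
    key = os.urandom(32)  # constructed credential key shared for the simulation
    print("direct session accepted:       ", direct_session(key))
    print("MITM, tunnel-bound challenge:  ", mitm_with_bound_challenge(key))
    print("MITM, unbound server challenge:", mitm_with_server_random_challenge(key))
```

The last function is the case the quoted suggestion has to handle: if the FIDO2 server picks the challenge itself, an EAP-FIDO-specific exchange would need to mix the tunnel's exported keying material into what the authenticator signs (or into a value the server checks alongside the assertion), otherwise the relay in `mitm_with_server_random_challenge` succeeds.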