Hi Jan-Frederik,
> The reasoning behind the current design of the EAP method and the
> handling of the FIDO challenge has two main thoughts:
Thank you for your detailed explanations regarding the EAP-FIDO design
rationale. I'm currently working to understand them.
> This would open up the FIDO

Hi Alan,
> Deriving the challenge from the TLS keying materials is because of
> cryptographic binding issues:
>
> https://datatracker.ietf.org/doc/html/rfc5281#section-14.1.11
>
> Which refers to an out-dated link. The updated one is
> https://asokan.org/asokan/research/tunnel_extab_final.p

On Oct 29, 2024, at 4:03 AM, Yukiko MINAMIE wrote:
>> Perhaps one option would be to allow the challenge to be created by the
>> FIDO2 server, but add an exchange specific to the EAP-FIDO protocol, which
>> would do the cryptographic binding. That exchange could stay inside of
>> EAP-FIDO, an