OpenSK
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
I'm not sure what you're replying to--this scheme is much closer to self-signed X509 client certs, not FIDO. But regarding FIDO, it does not prevent user-controlled hardware; it's up to RPs to choose if they require specific device manufacturers or not.
In my experience, the vast majority of (consumer) RPs do not require specific batch attestation, which is why you can make your own FIDO key: https://github.com/google/OpenSK.
I am under the impression support for attestation was controversial in FIDO--it's clearly useful for enterprise scenarios (e.g. where an enterprise requires some silly certification like FIPS: https://support.yubico.com/hc/en-us/articles/360016614760-Ac...), but there's always the risk that consumer-facing RPs require it for no good reason.
My employer requires FIPS certification due to FedRAMP; I'd be interested in how you would propose to change FIDO such that--as now--I can use a single key for work and for all my consumer needs while eliminating attestation.
-
> That’s my point. If it’s not worth your time then let others who are interested discuss rather than just pissing all over the author’s project.
I feel like there's a glass houses/stones thing going on here.
Please, quote me anything I said that was "pissing all over" it. I'm getting a strange hurt feeling vibe from you given that my only comments were entirely material.
> And what’s left is essentially wireguard for logins.
I don't get the comparison.
> People love wireguard for its simplicity because it doesn’t use certs and PAKEs and whatnot.
I don't know of a VPN that uses PAKE, so I don't get this comparison, but whatever.
> WebAuthn’s crowd and browser implementers on the other hand seem fixated on making sure users never have the option to deploy the protocol in such a way. That’s the problem.
https://github.com/herrjemand/awesome-webauthn#software-auth...?