by saltcured
1161 days ago

I've read about how some folks are using FIDO apps on devices like the Ledger Nano, designed to be cryptocurrency wallets. These allow the (FIDO) device identity to be exported and later restored onto a new device from the same product line. As I understand it, the experience would be a bit more like restoring a passkey on a new phone, but using a locally secured backup rather than a cloud vendor. Since reading about that, I've wondered if the relying party in FIDO could or should know the difference. Would this entire product line get flagged in some FIDO registry as having exportable keys? If you really cared, it seems you would need to consider this a static property of the authenticator, whether or not a particular user has decided to make use of the export feature on their device. Worse, as a software-defined feature, do you get any guarantees at all? Do they do some kind of secure-boot chain so that the FIDO app gets access to a manufacturer key and some other lower-quality app cannot be installed to spoof the same authenticator solution? On the other hand, those devices could be more secure in some practical sense than a Yubikey. They have a display and can show context during an authentication challenge, to reduce the chance that a user is confused about which relying party is asking for the next button press. There is also potential for secure entry of a PIN factor without trusting the host computer to relay this information.

The standard actually anticipates you might want to do that, so the token’s manufacturer can sign the token so that a relying party can whitelist (or, presumably, blacklist) certain tokens.
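The reply above describes the hook that makes saltcured's "flag the whole product line" policy possible: a WebAuthn registration response carries an AAGUID (a 16-byte model identifier for the authenticator product line) inside the attested credential data, and the attestation statement is signed with a manufacturer key that vouches for it. The relying-party-side check below is an added example written for this thread, not code from either commenter or from any FIDO vendor. It parses the authenticatorData structure far enough to extract the AAGUID and applies an allow/deny policy to it. The AAGUIDs and the `example.com` relying party are constructed placeholders, and the example assumes the attestation signature has already been verified against the manufacturer's certificate chain (for instance using FIDO metadata); until that verification is done, the AAGUID is only a self-reported claim, and with attestation conveyance "none" the client zeroes it out entirely.

```python
from __future__ import annotations

import hashlib
import struct
import uuid
from dataclasses import dataclass

# Constructed placeholder AAGUIDs for this example only; real values come from
# the manufacturer's attestation certificate and FIDO metadata, not from here.
ALLOWED_EXAMPLE = uuid.UUID("11111111-1111-1111-1111-111111111111")
DENIED_EXAMPLE = uuid.UUID("22222222-2222-2222-2222-222222222222")
UNKNOWN_EXAMPLE = uuid.UUID(int=3)
ZERO_AAGUID = uuid.UUID(int=0)  # what "none" attestation reports

ALLOWED_AAGUIDS = {ALLOWED_EXAMPLE: "example hardware key, keys not exportable"}
DENIED_AAGUIDS = {DENIED_EXAMPLE: "example wallet-style device, keys exportable"}

FLAG_UP = 0x01  # user present
FLAG_AT = 0x40  # attested credential data included


@dataclass
class AttestedCredential:
    rp_id_hash: bytes
    flags: int
    sign_count: int
    aaguid: uuid.UUID
    credential_id: bytes


def parse_authenticator_data(auth_data: bytes) -> AttestedCredential:
    """Parse WebAuthn authenticatorData far enough to read the AAGUID.

    Layout: rpIdHash[32] | flags[1] | signCount[4] |
            attestedCredentialData = AAGUID[16] | credIdLen[2] | credId | COSE key
    """
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash = bytes(auth_data[:32])
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    if not flags & FLAG_AT:
        raise ValueError("no attested credential data: not a registration response")
    body = auth_data[37:]
    if len(body) < 18:
        raise ValueError("attested credential data truncated")
    aaguid = uuid.UUID(bytes=bytes(body[:16]))
    (cred_id_len,) = struct.unpack(">H", body[16:18])
    credential_id = bytes(body[18:18 + cred_id_len])
    if len(credential_id) != cred_id_len:
        raise ValueError("credential id truncated")
    return AttestedCredential(rp_id_hash, flags, sign_count, aaguid, credential_id)


def evaluate_authenticator(auth_data: bytes, rp_id: str) -> tuple[bool, str]:
    """Decide whether this authenticator model is acceptable for the relying party.

    Assumes the attestation statement signature was already verified against the
    manufacturer's certificate chain; without that, the AAGUID is unverified.
    """
    cred = parse_authenticator_data(auth_data)
    if cred.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash does not match this relying party"
    if cred.aaguid == ZERO_AAGUID:
        return False, "zero AAGUID: no attestation, authenticator model unknown"
    if cred.aaguid in DENIED_AAGUIDS:
        return False, "denied: " + DENIED_AAGUIDS[cred.aaguid]
    if cred.aaguid in ALLOWED_AAGUIDS:
        return True, "allowed: " + ALLOWED_AAGUIDS[cred.aaguid]
    return False, "unknown AAGUID: not on the allow list"


def build_auth_data(rp_id: str, aaguid: uuid.UUID, credential_id: bytes,
                    sign_count: int = 0) -> bytes:
    """Construct a minimal authenticatorData blob for testing (COSE key is a stub)."""
    header = (hashlib.sha256(rp_id.encode()).digest()
              + bytes([FLAG_UP | FLAG_AT])
              + struct.pack(">I", sign_count))
    cose_key_stub = b"\xa0"  # empty CBOR map standing in for the public key
    return (header + aaguid.bytes + struct.pack(">H", len(credential_id))
            + credential_id + cose_key_stub)


if __name__ == "__main__":
    cases = [("allow-listed", ALLOWED_EXAMPLE), ("deny-listed", DENIED_EXAMPLE),
             ("unknown model", UNKNOWN_EXAMPLE), ("none attestation", ZERO_AAGUID)]
    for label, aaguid in cases:
        blob = build_auth_data("example.com", aaguid, b"\x01\x02\x03")
        print(label, evaluate_authenticator(blob, "example.com"))
```

The policy is keyed on the model identifier rather than on anything the individual user did, which is exactly the "static property of the authenticator" framing from the first post: a relying party cannot see whether a given user ever used an export feature, only which product line signed the registration.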