|
|
|
|
|
|
by parliament32
360 days ago
|
|
|
> secure transfer via the new Credential Exchange Protocol If it's "transferable", it's not phishing-resistant (ie it's possible for a user to get bamboozled into transferring their keys to a bad actor), right? Regardless of mechanism. You might've missed the "FIPS" part as well. This requirement effectively means the keys (or the keys to decrypt the keys) must be stored in a tamper-resistant hardware crypto device (read: your TPM) and basically no credential managers (apart from the first-party ones we have whitelisted) use the TPM for storing your keys. |
|
|