How U2F works

2017-02-27 Thread NIIBE Yutaka
Hello, Let me ask a question about U2F. Or, more generally, possibility to enhance GnuPG for web authentication. While I maintain scdaemon of GnuPG and develop Gnuk (an OpenPGPcard implementation), I sometimes am asked about U2F support, these days. (I think that this is due to Yubikey.) IIUC,

Re: How U2F works

2017-02-27 Thread Glenn Rempe
Just chiming in here with some comments below. I am an active U2F user and have played around with the server APIs and read some of the specs. Just to be clear, not an expert on U2F. On 2/27/17 3:28 PM, NIIBE Yutaka wrote: > Hello, > > Let me ask a question about U2F. Or, more generally, possib

Re: How U2F works

2017-02-28 Thread NIIBE Yutaka
Hello, Thanks a lot for your explanation. Glenn Rempe wrote: > Well, the attestation key would be checked by the server side process > right? And that is optional to check (but perhaps not optional to > send). So you probably would need to ask those that are integrating > U2F as a server auth me

Re: How U2F works

2017-03-03 Thread Thomas Jarosch
On Tuesday, 28 February 2017 00:28:21 CET NIIBE Yutaka wrote: > Anyhow, it would be possible for Gnuk to add U2F support (somehow > limited, because of available resource on board). regarding limited resources, the Yubikey people did a fine trick: There is no per-website data stored on the Yubikey

Re: How U2F works

2017-03-05 Thread NIIBE Yutaka
Thomas Jarosch wrote: > regarding limited resources, the Yubikey people did a fine trick: > There is no per-website data stored on the Yubikey. So the amount > of websites you can use a single FIDO U2F key for is unlimited. > > See "Limited storage on device" for details: > https://developers.yubi

Re: How U2F works

2017-03-06 Thread Werner Koch
On Tue, 28 Feb 2017 01:28, gl...@rempe.us said: > What though is the benefit of using gnupg key as the crypto behind the > client auth? Seems like you are more exposed by having a portable gpg It is up to the user where to store the key. For obvious reasons the user should use a token (e.g. gnuk

Re: How U2F works

2017-03-06 Thread NdK
On 06/03/2017 16:10, Werner Koch wrote: > An old argument against user certificates was the need to purchase a > device or a certificates. Now U2F requires that you purchase a device > anyway, thus this would void that argument. IIRC one of the selling points of U2F is that it should have be

Re: How U2F works

2017-03-06 Thread Gerd v. Egidy
> Frankly, I don't really understand the use case for U2F? Why not using > plain user certificates which is supported by browser and servers for > ages? Is that because the web frameworks don't have good support for > this? I think this is because many people consider anything that is called a

Re: How U2F works

2017-03-06 Thread NIIBE Yutaka
Werner Koch wrote: > Frankly, I don't really understand the use case for U2F? Why not using > plain user certificates which is supported by browser and servers for > ages? Is that because the web frameworks don't have good support for > this? Scalability, and some (or the) trust model which sup

Re: How U2F works

2017-03-31 Thread NIIBE Yutaka
NIIBE Yutaka wrote: > Well, I concluded that it is not worth (for me) to try to integrate U2F > feature into Gnuk. While I am open to discussion, my current position is that it is better for Gnuk not to integrate the U2F feature. I'd rather prefer separate implementation of U2F, if needed, possi