[Bug 2319] [PATCH REVIEW] U2F authentication

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Jan 24 08:52:13 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2319

Simon Josefsson <simon at josefsson.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |simon at josefsson.org

--- Comment #7 from Simon Josefsson <simon at josefsson.org> ---
Hi everyone.

I agree that it would be nice to write up the protocol spec in IETF
form -- talking to Michael, he would be positive to this so I started
that effort.  See:

https://gitorious.org/ietf-simon/u2f-secsh/source/

In particular:

https://gitorious.org/ietf-simon/u2f-secsh/raw/draft-josefsson-secsh-u2f.txt

As of writing, this is just cut'n'paste from Michael's description, but
the intention is to expand on it.  If anyone wants commit rights, just
drop me an email.

FWIW, my background is that I'm working at Yubico and have been
involved in the U2F protocol and its standardization.

I'm not sure if this bug report is the best place for design
discussions, but I believe one aspect of Michael's protocol should be
discussed further.  Maybe this protocol shouldn't do U2F registration. 
The U2F Registration can happen out-of-band using some command line
tools (see our u2f-host and u2f-server projects).  Then you could use
U2F as a single-factor protocol too.  I find that the server admin part
of handling registration is a bit strange.  It may be that I'm just not
getting what is achieved here.

Cheers,
Simon
