[Bug 3516] ssh-keygen when creating sk fido keys does not create sufficient data for attestation verification.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jan 5 10:10:51 AEDT 2023


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
                 CC|                            |djm at mindrot.org,
                   |                            |pedro at ambientworks.net

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I don't think that's correct - these are not webauthn, but FIDO2
credentials (which is built on top of FIDO2 but adds additional
encapsulation). I'm pretty sure that it's possible to verify
ssh-keygen's attestation.

Adding Pedro as he knows way more about this than me.

You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list