FIDO 2.0: backward compatible?


HLFH

Jun 9, 2015, 5:43:24 AM
to fido...@fidoalliance.org
Hi,

Do you know if all U2F devices made to date with FIDO 1.0 final specification will become obsolete and not supported? I.e. will 2.0 not be backward compatible?
Could a firmware update update those FIDO 1.0 U2F devices (like the FIDO U2F Security Key from Yubico) to the FIDO 2.0 spec? Or are there some changes at the hardware level, so, if we want - at the time of the FIDO 2.0 final release - to benefit from the FIDO 2.0 spec on Windows 10 (probably with Microsoft Edge) and on Google Chrome and maybe on Firefox, the only way would be to buy a new U2F device that will support FIDO 2.0, probably if we are optimistic in the late Q4 2015 when FIDO 2.0 will be released (according to the executive director of the FIDO Alliance)...?

Should we buy U2F 2.0 devices, or could the U2F 1.0 devices become, with a firmware update, U2F 2.0 devices? So is there some planned obsolescence?

Thanks in advance,
HLFH

McDowell, Brett

Jun 11, 2015, 9:51:07 AM
to HLFH, fido...@fidoalliance.org
FIDO 2.0 is not being designed to render anything we've done before obsolete. On the contrary, it is designed to spread FIDO to more client systems in the ecosystem by means of specific optimizations that make it easier for platforms (i.e. operating systems, web browsers, etc.) to bake in FIDO support "out of the box", enabling our vision of ubiquitous support for FIDO authentication. Although some of the required optimizations may require the actual wire protocol to be different in 2.0, our strategy for ensuring backwards compatibility is tied to our recently launched FIDO Certification Program. Going forward server vendors/implementers will be incentivized to provide backward compatibility for all FIDO Certified client devices, UAF 1.X, U2F 1.X, and 2.0. This enables the 2.0 specifications to be fit-for-purpose to enable native platform support while helping to ensure full backward compatibility in the market going forward for all FIDO Certified authenticators and clients/browsers.

As to your question about implementers pushing out updates to their 1.X implementations to make them 2.0 compliant, this is really up to the implementation, by each FIDO vendor: FIDO Device vendors can decide to build their FIDO devices in a way that allows for upgrading the firmware to support 2.0.  

-- Brett



--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at http://groups.google.com/a/fidoalliance.org/group/fido-dev/.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/3ed4b159-4907-47a1-8ebe-913545b074f8%40fidoalliance.org.

Anthony Nadalin

Jun 11, 2015, 12:35:40 PM
to McDowell, Brett, HLFH, fido...@fidoalliance.org

Fred Le Tamanoir (NEOWAVE.FR)

Jul 6, 2015, 10:13:26 AM
to fido...@fidoalliance.org
Some answers gathered from FIDO meetings / other FIDO members / FIDO rumors:

Question: FIDO 2.0: backward compatible?
Answer: At the end probably NO.

Question: "firmware update" for compatibility?
Answer: No one can answer on behalf of each product manufacturer but probably not.

Question: "U2F 2.0 devices?"
Answer: It seems there won't be any "U2F 2.0" specifications so probably no "U2F 2.0 devices". AFAIK, "U2F" or "UAF" will probably merge into a single FIDO "something new" 2.0 specifications to provide several sub-solutions to completely replace login/passwords.
It is still not clear but it seems to mean that U2F 1.0 should be seen as an already-available and here-to-stay solution when you simply need to add a second factor to an existing login/password and it is not the real focus for FIDO 2.0.

Question: "FIDO Firefox support?"
Answer: For now, nobody seems to really care about FIDO inside Firefox foundation. Since up to now I am still trying to promote Firefox (even if I am using Chrome right now...), I was hopeful for a while but no developer picked the task/request... and worse now: I saw a few threads inside Bugzilla and moz forums where everyone seems to agree to wait... for FIDO 2.0 specifications, for Christmas or the rapture (it was not clear). Kind of a shame since FIDO U2F 1.0 is already available and working great inside Chrome/Chromium, and this source code is available to help... (and no... I can't pick the task by myself...) and FIDO 2.0 will mostly be based on the same software bricks: APDU-like-and-TLS-bound communication over HID (or BLE now).

Question: "Windows 10 FIDO 2.0 support?"
Answer: There will be NOTHING about FIDO 2.0 inside Windows 10 first releases because:
- near-RTM Windows 10 leaked releases have no FIDO x.x support
- FIDO 2.0 specifications are far from finished

When Microsoft said Windows 10 will support FIDO 2.0 in the future, without date of availability and without having access to specifications...
...you can guess it was mostly vaporware-based communication
...but it was still great news because it was probably a real future commitment. So... Soon (c)

--
Fred