Browser Support for HMAC Secret Extension
390 views
Skip to first unread message
Dominik Schuermann
Nov 7, 2019, 5:41:33 AM11/7/19
to FIDO Dev (fido-dev)
Dear FIDO list,
We are currently evaluating the support by browsers for the HMAC Secret
Extension [0].
Setting hmacCreateSecret to true in MakeCredential is supported in
Chrome and partially in Firefox [1,2]. So that seems to work according
to our tests with https://webauthntest.azurewebsites.net
But, what about browser support for the GetAssertion operation?
Anyone knows if this is on the roadmap of the Chrome/Firefox developers?
Or what the status of this feature is?
Best Regards
Dominik
[0]
https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#sctn-hmac-secret-extension
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1551594
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1593571
We are currently evaluating the support by browsers for the HMAC Secret
Extension [0].
Setting hmacCreateSecret to true in MakeCredential is supported in
Chrome and partially in Firefox [1,2]. So that seems to work according
to our tests with https://webauthntest.azurewebsites.net
But, what about browser support for the GetAssertion operation?
Anyone knows if this is on the roadmap of the Chrome/Firefox developers?
Or what the status of this feature is?
Best Regards
Dominik
[0]
https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#sctn-hmac-secret-extension
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1551594
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1593571
Nicolas Mora
Nov 10, 2019, 8:40:25 PM11/10/19
to FIDO Dev (fido-dev)
Hello,
Unfortunately I don't have an answer to give you but I have the same concern.
Firefox was supposed to support hmacSecret in version 69 (https://bugzilla.mozilla.org/show_bug.cgi?id=1551594) but it turns out it was only for Windows Hello.
I opened another issue in bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=1593571) , hoping for them to implement it soon (or to tell me how to use it).
Concerning Chrom[e|ium] I just filed an issue and waiting for an answer: https://bugs.chromium.org/p/chromium/issues/detail?id=1023225 .
Dominik Schuermann
Nov 11, 2019, 7:03:12 AM11/11/19
to fido...@fidoalliance.org
Hi Nicolas,
thanks for filling the Chrome issue and the Firefox ones.
Regarding Firefox support: In my tests, also on Windows 10 with all
updates I wasn't able to use GetAssertion with HMAC Secret.
I assume the implemention is only useful for setting up a HMAC Secret
capable credential with MakeCredential in the browser and later use it
in offline scenarios for Windows built-in functions without a browser.
Can someone confirm this?
Cheers
Dominik
> <https://bugzilla.mozilla.org/show_bug.cgi?id=1593571>
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/3840092c-c756-4c2c-b091-73fd41f86c61%40fidoalliance.org
> <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/3840092c-c756-4c2c-b091-73fd41f86c61%40fidoalliance.org?utm_medium=email&utm_source=footer>.
thanks for filling the Chrome issue and the Firefox ones.
Regarding Firefox support: In my tests, also on Windows 10 with all
updates I wasn't able to use GetAssertion with HMAC Secret.
I assume the implemention is only useful for setting up a HMAC Secret
capable credential with MakeCredential in the browser and later use it
in offline scenarios for Windows built-in functions without a browser.
Can someone confirm this?
Cheers
Dominik
>
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/3840092c-c756-4c2c-b091-73fd41f86c61%40fidoalliance.org
> <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/3840092c-c756-4c2c-b091-73fd41f86c61%40fidoalliance.org?utm_medium=email&utm_source=footer>.
Reply all
Reply to author
Forward
0 new messages