Hello FIDO community!
I am trying to understand the condition for whether a token should operate with U2F or CTAP 2.1 behaviour during the makecredential operation, for HID USB.
My understanding is if the token operates like this:
1. Token is connected
2. broadcast for CID
3. AuthenticatorMakeCredential
This is U2F mode
If token operates like this:
1. Token is connected
2. broadcast for CID
3. GetInfo
4. AuthenticatorMakeCredential
This is CTAP 2.1 mode
As this step expects U2F behaviour, yet there is no Reset command given to the token, my FIDO implementation expects a reset to revert back to U2F (not unplug and plug back in, which is quite troublesome to do as the user must verify themselves on the token before it is even usable), so can I please confirm:
Q1: Can U2F reoccur on new CIDs?
Q2: Can the conformance tool have a reset step each time U2F behaviour is expected?
Q3: Am I totally wrong and missing something?
I am thinking of implementing 1, but then how many CIDs should the token keep track of? I am tempted to do an unsigned 4 byte integer with a bit field to track the last 32 CIDs. This will pass the conformance test but I feel it is not the point. I don't see anywhere in the CTAP 2.1 spec that covers this behaviour, as client PIN is not set.
Regards!
Fujimi
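
The bit-field bookkeeping mentioned in the post above, sketched as an added example (not the poster's code and not behaviour taken from the CTAP specification). It assumes CIDs are handed out sequentially, so a single `uint32_t` can hold a "sent GetInfo" flag for the 32 most recent channels; all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

#define CID_BROADCAST 0xffffffffu /* CTAPHID broadcast channel */
#define CID_WINDOW    32u         /* one bit per tracked channel */

/* Hypothetical state for this sketch; cleared on power-up. */
static uint32_t next_cid = 1;     /* assumption: CIDs are allocated sequentially */
static uint32_t getinfo_bits = 0; /* bit (cid % 32) set => that CID sent GetInfo */

/* True if cid is one of the last CID_WINDOW channels handed out. */
static bool cid_tracked(uint32_t cid)
{
    return cid != 0 && cid < next_cid && next_cid - cid <= CID_WINDOW;
}

/* Answer an INIT on the broadcast CID; returns 0 (reserved) when exhausted. */
uint32_t cid_alloc(void)
{
    if (next_cid == CID_BROADCAST)
        return 0;
    uint32_t cid = next_cid++;
    getinfo_bits &= ~(1u << (cid % CID_WINDOW)); /* slot reused: drop old flag */
    return cid;
}

/* Record that GetInfo arrived on cid; ignored for evicted or unknown CIDs. */
void cid_note_getinfo(uint32_t cid)
{
    if (cid_tracked(cid))
        getinfo_bits |= 1u << (cid % CID_WINDOW);
}

/* Has this still-tracked channel sent GetInfo? */
bool cid_saw_getinfo(uint32_t cid)
{
    return cid_tracked(cid) && (getinfo_bits & (1u << (cid % CID_WINDOW))) != 0;
}
```

Once a 33rd channel is allocated, the oldest CID falls out of the window and its flag cannot leak onto the channel that reuses its bit.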