Spec Clarification request: (CTAP2+Android+NFC) Extended Length APDU for CTAP2 selection

My1

5:00 AM (4 hours ago)
to FIDO Dev (fido-dev)
So Android finally added CTAP2 over NFC but with one big caveat.

Devices that do not support the long-length CTAP2 applet selection command straight up do not work, including certified models such as those from Token2 or Cryptnox, due to Google adding the seemingly arbitrary extra requirement that the devices must support the applet selection command with extended length encoding (00 a4 04 00 00 00 08 a0 00 00 06 47 2f 00 01).

Their statement being:
> Java cards that don't support applet selection using extended encoding are not supported. If there are any regressions in the U2F flow, please open a bug and we're happy to help resolve the issue, but we will not be supporting non-compliant keys over CTAP2 so those keys should not be expected to support user verification.

The CTAP2 spec, as quoted by the person from Google, says:

> Conceptually, framing defines an encapsulation of FIDO2 commands. This encapsulation is done in an APDU following [ISO7816-4]. Authenticators MUST support short and extended length encoding for this APDU. Fragmentation, if needed, is discussed in the following paragraph.

(emphasis mine)

Due to it saying specifically "for this APDU", wouldn't that mean that devices do NOT have to support extended length encoding for the applet selection to be compliant?

It would be really nice if someone from the Alliance could have a look over this.

Best Regards
My1
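
For anyone who wants to check concretely what "extended length encoding" means for the SELECT in question, here is an added example (not code from the thread, from Google, or from any of the named vendors) that decodes ISO 7816-4 command APDUs into their short and extended forms and builds the FIDO applet SELECT both ways. The applet AID `a0000006472f0001` is taken from the APDU quoted in the post; the short/extended case rules are the standard ISO 7816-4 ones, and the `build_select`/`parse_apdu`/`is_fido_select` names are this example's own. Running it against a captured APDU tells you which encoding a host such as Android actually sent, which is the first thing to establish when a key that works over U2F fails at CTAP2 selection.

```python
from dataclasses import dataclass
from typing import Optional

# AID of the FIDO applet, taken from the SELECT APDU quoted in the post above.
FIDO_AID = bytes.fromhex("a0000006472f0001")


@dataclass
class Apdu:
    """Decoded ISO 7816-4 command APDU."""
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes           # command data field (empty if no Lc)
    le: Optional[int]     # expected response length, None if absent
    extended: bool        # True if Lc/Le used the extended (3-byte / 2-byte) encoding


def parse_apdu(raw: bytes) -> Apdu:
    """Decode a command APDU, distinguishing short and extended length fields.

    Short encoding: Lc is one byte (1..255), Le is one byte (0x00 means 256).
    Extended encoding: a 0x00 marker byte, then Lc as two bytes (1..65535)
    and/or Le as two bytes (0x0000 means 65536).
    """
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]

    if len(body) == 0:                      # case 1: header only
        return Apdu(cla, ins, p1, p2, b"", None, False)
    if len(body) == 1:                      # case 2S: short Le only
        return Apdu(cla, ins, p1, p2, b"", body[0] or 256, False)

    if body[0] != 0:                        # short Lc (cases 3S / 4S)
        lc = body[0]
        data = body[1:1 + lc]
        if len(data) != lc:
            raise ValueError("data field truncated (short Lc)")
        rest = body[1 + lc:]
        if len(rest) == 0:
            le = None
        elif len(rest) == 1:
            le = rest[0] or 256
        else:
            raise ValueError("unexpected trailing bytes after short-encoded APDU")
        return Apdu(cla, ins, p1, p2, data, le, False)

    # body[0] == 0x00 with more bytes following: extended encoding
    if len(body) < 3:
        raise ValueError("extended length marker without a 2-byte length")
    if len(body) == 3:                      # case 2E: extended Le only
        le = int.from_bytes(body[1:3], "big") or 65536
        return Apdu(cla, ins, p1, p2, b"", le, True)
    lc = int.from_bytes(body[1:3], "big")   # cases 3E / 4E
    if lc == 0:
        raise ValueError("extended Lc must be 1..65535")
    data = body[3:3 + lc]
    if len(data) != lc:
        raise ValueError("data field truncated (extended Lc)")
    rest = body[3 + lc:]
    if len(rest) == 0:
        le = None
    elif len(rest) == 2:
        le = int.from_bytes(rest, "big") or 65536
    else:
        raise ValueError("unexpected trailing bytes after extended-encoded APDU")
    return Apdu(cla, ins, p1, p2, data, le, True)


def build_select(aid: bytes, extended: bool, le: Optional[int] = None) -> bytes:
    """Build SELECT by name (CLA=00 INS=A4 P1=04 P2=00) for `aid` in either encoding."""
    header = bytes([0x00, 0xA4, 0x04, 0x00])
    if extended:
        lc_field = b"\x00" + len(aid).to_bytes(2, "big")
        le_field = b"" if le is None else (le % 65536).to_bytes(2, "big")
    else:
        if not 1 <= len(aid) <= 255:
            raise ValueError("short Lc must be 1..255")
        lc_field = bytes([len(aid)])
        le_field = b"" if le is None else bytes([le % 256])
    return header + lc_field + aid + le_field


def is_fido_select(apdu: Apdu) -> bool:
    """True if the APDU is a SELECT by name of the FIDO applet AID."""
    return (apdu.cla, apdu.ins, apdu.p1) == (0x00, 0xA4, 0x04) and apdu.data == FIDO_AID


if __name__ == "__main__":
    quoted = bytes.fromhex("00a40400000008a0000006472f0001")  # APDU from the post
    decoded = parse_apdu(quoted)
    print("quoted APDU:", quoted.hex(), "extended" if decoded.extended else "short")
    print("short form: ", build_select(FIDO_AID, extended=False).hex())
    print("ext. form:  ", build_select(FIDO_AID, extended=True).hex())
```

The two forms differ only in the length field: the short SELECT carries a single `08` before the AID, while the extended one carries `00 00 08`. A card applet that only matches on the short form will reject the quoted APDU at the length field before it ever compares the AID, which is consistent with the symptom described above.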

Jackson Richardson

6:19 AM (3 hours ago)
to My1, FIDO Dev (fido-dev)
Approve

To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CACHSkNpzmkAkKuc0U6JAxo05ag4KjKAutoRw4TNoihxg1hoDhQ%40mail.gmail.com.