Does adding U2F/CTAP1 support to FIDO2 authenticator affect certification?
99 views
Skip to first unread message
Gregory Gallagher
Oct 20, 2022, 4:13:11 PM10/20/22
to FIDO Dev (fido-dev)
My company recently passed FIDO2 L1 certification for our authenticator, which supports only CTAP 2.0 (version "FIDO_2_0"). We then discovered the issue that 2-step verification for Google accounts requires U2F, so we're in the process of adding U2F/CTAP1 support (version "U2F_V2"). Do we need to get a separate U2F certification or can we amend our existing FIDO2 certification?
When we try to run tests in "FIDO Conformance Tools v1.75 || U2F1.1/1.2 - MDS3", some of the tests fail because it expects our metadata statement to show us as a U2F authenticator, and the conformance tests for FIDO2 don't have any U2F/CTAP1 tests. It's a little confusing.
Any guidance is highly appreciated.
Thanks,
Greg
John Bradley
Oct 21, 2022, 1:52:49 AM10/21/22
to Gregory Gallagher, FIDO Dev (fido-dev)
You need to do a second certification.
You will have 2 MDS entries one for CTAP2 and one for U2F. The identifiers are different for the two protocols.
Sent from my iPhone
On Oct 20, 2022, at 1:13 PM, Gregory Gallagher <g...@jensatch.com> wrote:
My company recently passed FIDO2 L1 certification for our authenticator, which supports only CTAP 2.0 (version "FIDO_2_0"). We then discovered the issue that 2-step verification for Google accounts requires U2F, so we're in the process of adding U2F/CTAP1 support (version "U2F_V2"). Do we need to get a separate U2F certification or can we amend our existing FIDO2 certification?
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/d45b55c3-128c-42cb-81b9-e5998a8b8ad6n%40fidoalliance.org.
Gregory Gallagher
Oct 21, 2022, 7:24:52 AM10/21/22
to FIDO Dev (fido-dev), John Bradley, FIDO Dev (fido-dev), Gregory Gallagher
Thanks very much John.
Steven li
Nov 16, 2022, 8:08:16 PM11/16/22
to FIDO Dev (fido-dev), g...@jensatch.com, John Bradley, FIDO Dev (fido-dev)
Hi Sir:
I still don't understand this question. Google account two-step verification does require U2F, but FIDO2 authentication CTAP2.0 and CTAP1/U2F can support
FIDO2 Authentication = 2-step verification with Google Accounts
Why does FIDO2 already support CTAP2/1(U2F), but it needs to pass the U2F specification?
FIDO2 Authentication = 2-step verification with Google Accounts
Why does FIDO2 already support CTAP2/1(U2F), but it needs to pass the U2F specification?
Thanks,
Steven
g...@jensatch.com 在 2022年10月21日 星期五晚上7:24:52 [UTC+8] 的信中寫道:
John Bradley
Nov 16, 2022, 8:33:10 PM11/16/22
to Steven li, FIDO Dev (fido-dev), g...@jensatch.com
Firefox and android don’t support CTAP2 yet.
Sent from my iPhone
On Nov 16, 2022, at 5:08 PM, Steven li <changa...@gmail.com> wrote:
Hi Sir:
Steven li
Nov 17, 2022, 2:31:41 AM11/17/22
to FIDO Dev (fido-dev), John Bradley, FIDO Dev (fido-dev), g...@jensatch.com, Steven li
Hi all,
1. Our company's products support CTAP2 and CTAP1/U2F
2. FIDO2 only authenticates CTAP2 either CTAP2.1
3. If the authentication for registration on a specified account server, and the website platform only supports the CTAP1/U2F authentication protocol,
2. FIDO2 only authenticates CTAP2 either CTAP2.1
3. If the authentication for registration on a specified account server, and the website platform only supports the CTAP1/U2F authentication protocol,
is it necessary to declare that the device has obtained the U2F authentication logo?
Please let me know how the answer in point 3 is.
Thanks in advanced!
Steven Li
John Bradley 在 2022年11月17日 星期四上午9:33:10 [UTC+8] 的信中寫道:
Reply all
Reply to author
Forward
0 new messages