Supported Protocols Confusion

Daniel Bujak

Jan 3, 2023, 9:37:40 PM
to FIDO Dev (fido-dev)
Hi all, I've been facing some issues when testing the latest Firefox builds on macOS and have traced the point of deviation to checking of the capabilities reported by my device.

The FIDO2.0 spec indicates 3 capability flags:
  • CAPABILITY_WINK (If set to 1, authenticator implements CTAPHID_WINK function)
  • CAPABILITY_CBOR (If set to 1, authenticator implements CTAPHID_CBOR function)
  • CAPABILITY_NMSG (If set to 1, authenticator DOES NOT implement CTAPHID_MSG function)

I'm trying to understand the exact meaning of the CAPABILITY_NMSG flag. Does setting this flag indicate anything about the protocols supported (i.e. U2F vs FIDO2)? Further, is this setting related to the version strings reported by the device?

From my testing, it seems like Firefox uses the capabilities flags to decide whether to use U2F or CTAP2. My device supports CTAPHID messages (for some legacy reasons), but does not support U2F auth. Is this valid?

Any clarification would be appreciated!

Ackermann Yuriy

Jan 3, 2023, 10:58:02 PM
to Daniel Bujak, FIDO Dev (fido-dev)
NMSG means authenticator does not support HID MSG command. So basically not supporting U2F protocol.

--
Yuriy Ackermann
FIDO, Identity, Standards
skype: ackermann.yuriy
github: @herrjemand
twitter: @herrjemand
medium: @herrjemand

Daniel Bujak

Jan 3, 2023, 11:35:19 PM
to FIDO Dev (fido-dev), Ackermann Yuriy, FIDO Dev (fido-dev), Daniel Bujak
Right, I get that without CTAPHID MSG, the device cannot support U2F. However, is the opposite necessarily true? Does indicating the NMSG==0 indicate support for U2F? It seems to me that this option only means that the CTAPHID message structure is supported, not that the authenticator supports the U2F protocol, but I may be misunderstanding. 
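
The distinction raised in this thread, as an added example that is not part of the original posts or of any project's code: it parses a CTAPHID_INIT response and reads the capability flags as statements about CTAPHID commands only, leaving protocol support to be confirmed by a probe. The sample bytes are constructed, the flag values and 17-byte layout follow the CTAP specification, and `probes_needed` is a hypothetical client policy, not behaviour the thread or Firefox confirms.

```python
import struct
from dataclasses import dataclass

# Capability bits in the last byte of the CTAPHID_INIT response.
CAPABILITY_WINK = 0x01
CAPABILITY_CBOR = 0x04
CAPABILITY_NMSG = 0x08

@dataclass
class InitResponse:
    nonce: bytes
    channel_id: int
    protocol_version: int
    device_version: tuple
    capabilities: int

def parse_init_response(payload: bytes, sent_nonce: bytes) -> InitResponse:
    """Parse the 17-byte CTAPHID_INIT response payload and check the nonce."""
    if len(payload) < 17:
        raise ValueError("CTAPHID_INIT response shorter than 17 bytes")
    nonce, cid, proto, major, minor, build, caps = struct.unpack(">8sIBBBBB", payload[:17])
    if nonce != sent_nonce:
        raise ValueError("nonce mismatch: response answers a different INIT request")
    return InitResponse(nonce, cid, proto, (major, minor, build), caps)

def transport_commands(caps: int) -> dict:
    """What the flags literally state: which CTAPHID commands are implemented."""
    return {
        "CTAPHID_WINK": bool(caps & CAPABILITY_WINK),
        "CTAPHID_CBOR": bool(caps & CAPABILITY_CBOR),
        "CTAPHID_MSG": not (caps & CAPABILITY_NMSG),  # NMSG is a negative flag
    }

def probes_needed(caps: int) -> list:
    """Probes a cautious client sends before picking U2F or CTAP2 (assumed policy)."""
    cmds = transport_commands(caps)
    probes = []
    if cmds["CTAPHID_CBOR"]:
        probes.append("authenticatorGetInfo")  # its versions list names the protocols
    if cmds["CTAPHID_MSG"]:
        probes.append("U2F_VERSION")  # answers "U2F_V2" only if U2F is really served
    return probes

# Constructed sample: CBOR set, NMSG clear, like the device described in the thread.
SAMPLE_NONCE = bytes(range(8))
SAMPLE = SAMPLE_NONCE + bytes.fromhex("00000001" "02" "010000" "04")
```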