[OpenID-specs-EAP] EAP Call Notes 26-Apr-18
Mike Jones
Michael.Jones at microsoft.com
Thu Apr 26 21:28:18 UTC 2018
EAP Call Notes 26-Apr-18
Brian Campbell
Mike Jones
John Bradley
A request had come into Mike to update references in http://openid.net/specs/openid-connect-eap-acr-values-1_0.html
He will update the WebAuthn reference and add a FIDO2 reference
A comment on the IETF Token Binding specs came in requesting TLS 1.3 multi-version style negotiation versus 1.2 single-version style
John will weigh in as chair saying that the current spec represents considered WG consensus
John received a question about whether EAP will enable passing a FIDO attestation to the Connect RP
Apparently some people want that
It seems like if the RP is trusting the OP, acting on the attestation information is the OP's job
Sending the FIDO attestation to the Connect RP could also be a privacy leak
A few of us may want to discuss this in Amsterdam
Brian asked about whether we want additional hash methods for "tbh"
John: If we do anything, it should probably be a SHA-3 hash
Mike: This is just making an existing secret shorter - not creating a new secret
John: The TBID doesn't have any extensible fields and so would be very hard to attack
Brian: We could update the metadata to advertise supported hash algorithms
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-eap/attachments/20180426/162951c3/attachment.html>
More information about the Openid-specs-eap
mailing list