Ext: CredProtect - CTAP2.0 Authenticator

[JisungPark0122]

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email [email protected]

FIRST PRE CHECK

• I SOLEMNLY SWEAR THAT I HAVE SEARCHED DOCUMENTATION AND WAS NOT ABLE TO RESOLVE MY ISSUE

What protocol are you implementing?

• FIDO2 Server
• CTAP2.0
• CTAP2.1
• UAF 1.1
• U2F 1.1
• U2F 1.2

NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.

What is your implementation class?

• Security Key / FIDO2 / U2F authenticators
• Server
• UAF Client-ASM-Authenticator combo
• UAF Client
• UAF ASM-Authenticator

If you are platform authenticator vendor, please email [email protected]

What is the version of the tool are you using?

v1.7.19

What is the OS and the version are you running?

For desktop tools

• OSX
• Windows
• Linux

For UAF mobile tools

• iOS
• Android

Issue description

This extension is not required in CTAP2.0 specification.
Please check

[iirachek]

CredProtect is required by the security requirements to the FIDO authenticators.

See section 3.4 Privacy, requirement 4.6:

The Authenticator shall implement the CredProtect extension.

[JisungPark0122]

Hi @iirachek
Thank for your reply.

As my test result, It'll be failed if "credProtect" extension set to userVerificationOptionalWithCredentialIDList(0x02) or userVerificationRequired(0x03).

How do I implement "credProtect" extension in CTAP2.0 authenticator?