Stream: Security and Privacy
Topic: FIDO
David Hay (Feb 21 2019 at 21:31):
any comments on FIDO? https://fidoalliance.org/ . Is this just a PKI???
John Moehrke (Feb 21 2019 at 21:38):
from what I have been able to understand. No, it is not PKI... it is a performance specification for authenticator systems. So it is not an interop-standard, it is something more...
Not a perfect analogy: It is to user authentication what bluetooth is to wireless IOT.
In that it is an interface specification, a behavioral specification, performance requirements, and has certification requirements.
Because of this it has great promise, but because of this it is seen as too rigid. So it is hard to understand if it will succeed or not.
This is my understanding... welcome more informed, or even less informed, views
Paul Lynch (Feb 21 2019 at 21:40):
It's a standard for security keys: https://www.imperialviolet.org/2017/08/13/securitykeys.html
David Hay (Feb 21 2019 at 22:54):
specifically keys (like yubi)? is does it require that a physical key be part of the process?
John Moehrke (Feb 22 2019 at 13:33):
I don't think that a password system could qualify. It is more focused on certifying hardware systems.
John Moehrke (Feb 22 2019 at 13:33):
yes, yubi key is FIDO compliant.. https://www.yubico.com/solutions/fido2/
Last updated: Apr 12 2022 at 19:14 UTC
