Scott C Wang wrote:
> I implement a SecurityKeyProvider that prints a https URL upon sk_sign.
> I open this URL in Google Chrome. The script on the page calls the
> webauthn authentication API; Google Chrome prompts me to choose an
> authentication method, and I pick my phone. Authenticating my
> fingerprint on my phone yields a webauthn signature to the script,
> which POSTs the signature, origin, clientData, and extensions back
> to the same URL. The SecurityKeyProvider polls the URL (or some
> endpoint) until the signature arrives, which it returns, along with
> the origin, clientData, and extensions, to the OpenSSH client.
> The OpenSSH client now has what it needs to pack a
> "webauthn-sk-ecdsa-sha2-nistp256@xxxxxxxxxxx" signature message,
> all of which the OpenSSH server currently already supports validating.
..
> have I gone mad?

FWIW I think the data spray and the complexity are mad, each on their own.

I guess that it'll be popular, I hope not in mainline OpenSSH. ;)

//Peter