csuwldcat 2 days ago
There's also the specific case of synced passkeys, which aren't exposed to CTAP management APIs for external parties, only to the OS/platform itself. You seem tied to a narrative where a user can install a native app that gets permission to call core OS/platform APIs that let the app get all the public keys of passkeys on the device, but no such permissions/APIs exist for apps, and providing them would be in explicit violation of the fundamental security model. In reality, only the platform/OS and highly trusted actors/components that are already within the existing trust model have such access for internal purposes, and if that's not a safe assumption, it would have broader implications beyond this concern.
blibble 2 days ago | parent
> You seem tied to a narrative where a user can install a native app that gets permission to call core OS/platform APIs that let the app get all the public keys of passkeys on the device

Yes? One of the main points of passkeys is that if your device is compromised, all your accounts aren't. With your system, they are.

> In reality, only the platform/OS and highly trusted actors/components that are already within the existing trust model

No, they aren't. If they were, the HSM/secure enclave wouldn't be needed at all.

I've entertained this nonsense for almost 2 hours now, I'm done.

The fact is, if the public key gets out, then your system is compromised, and I have shown you that most (if not all) roaming authenticators have a way to enumerate public keys, as does every software HSM I've ever interacted with.