u2f

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Feb 5 08:45:26 PST 2015


Hi,
 One of the presentations in FOSDEM's security devroom was about U2F. As
far as I understood, U2F is a smart card which provides unique per-server
ECDSA256 keys. Those could be stored in the card or in the PC, similarly
to a TPM (i.e., encrypted using a key that depends on the card and the
site). The protocol includes registration, and is a simple
challenge-response process. The differences between a PKCS #11 smart
card and that one are the specified registration protocol as well as its
driverless nature. The U2F protocol is however limited to the secp256r1 curve
and cannot be extended beyond it. What do you think of that? Would it make
sense to support it in openconnect?

regards,
Nikos

[0]. https://fosdem.org/2015/schedule/event/second_factor_auth/
https://github.com/security-devroom/fosdem-2015/tree/master/presentations/universal-2nd-factor
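An added sketch (not from this thread or from the openconnect project) of the flow described above: a device secret and the site's app ID derive a per-site P-256 key, registration hands the server that key, and authentication is a counter-bearing ECDSA challenge-response that the server checks. The type and function names, the HMAC-based key derivation and the constructed device secret are assumptions; the signed-data layout follows the U2F raw message format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"math/big"
)

// Token is a constructed model of a U2F-style authenticator: a device secret plus a signature counter.
type Token struct {
	secret  []byte
	counter uint32
}

// siteKey derives the per-site key from the device secret and SHA-256(app ID), so sites see unrelated keys.
func (t *Token) siteKey(appID string) *ecdsa.PrivateKey {
	appParam := sha256.Sum256([]byte(appID))
	mac := hmac.New(sha256.New, t.secret)
	mac.Write(appParam[:])
	d := new(big.Int).SetBytes(mac.Sum(nil))
	d.Mod(d, elliptic.P256().Params().N) // scalar in [0, N); d == 0 is negligible
	priv := &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: elliptic.P256()}, D: d}
	priv.X, priv.Y = elliptic.P256().ScalarBaseMult(d.Bytes())
	return priv
}

// Register is the registration step: the server stores this site's public key.
func (t *Token) Register(appID string) *ecdsa.PublicKey { return &t.siteKey(appID).PublicKey }

// signedData is what U2F signs: app param || user-presence byte || counter || challenge param.
func signedData(appID string, counter uint32, clientData []byte) []byte {
	appParam, chalParam := sha256.Sum256([]byte(appID)), sha256.Sum256(clientData)
	msg := append(appParam[:], 0x01, 0, 0, 0, 0) // 0x01 = user presence confirmed
	binary.BigEndian.PutUint32(msg[33:], counter) // 4-byte big-endian counter
	return append(msg, chalParam[:]...)           // challenge param = SHA-256(client data)
}

// Authenticate answers a server challenge: bump the counter, sign with the site key.
func (t *Token) Authenticate(appID string, clientData []byte) (uint32, []byte, error) {
	t.counter++
	h := sha256.Sum256(signedData(appID, t.counter, clientData))
	sig, err := ecdsa.SignASN1(rand.Reader, t.siteKey(appID), h[:])
	return t.counter, sig, err
}

// Verify is the server side: valid signature under the registered key, and the counter advanced.
func Verify(pub *ecdsa.PublicKey, appID string, last, ctr uint32, clientData, sig []byte) bool {
	if ctr <= last {
		return false // replayed response, or a cloned token that fell behind
	}
	h := sha256.Sum256(signedData(appID, ctr, clientData))
	return ecdsa.VerifyASN1(pub, h[:], sig)
}
```

A response signed for one app ID verifies only under that site's registered key, which is the property that makes the per-site keys unlinkable across servers.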

More information about the openconnect-devel mailing list