u2f
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Feb 5 08:45:26 PST 2015
Hi,
One of the presentations in FOSDEM's security devroom was about U2F. As
far as I understood, U2F is a smart card which provides unique per-server
ECDSA256 keys. Those could be stored in the card or in the PC similarly
to TPM (i.e., encrypted using a key that depends on the card and the
site). The protocol includes registration, and is a simple
challenge-response process. The differences between a PKCS #11 smart
card and that one are the specified registration protocol as well as its
driverless nature. The U2F protocol is however limited to the secp256r1 curve
and cannot be extended beyond it. What do you think of that? Would it make
sense to support it in openconnect?
regards,
Nikos
[0]. https://fosdem.org/2015/schedule/event/second_factor_auth/
https://github.com/security-devroom/fosdem-2015/tree/master/presentations/universal-2nd-factor
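
The "stored in the PC, encrypted using a key that depends on the card and the site" variant mentioned in the message can be sketched as follows; this is an added example, not code from the original post or from any U2F or openconnect project. The device secret, the `key`/`mac` labels and the 64-byte handle layout are assumptions of this sketch, and the ECDSA signing step of the challenge-response is left out.

```python
import hashlib
import hmac
import os

# Group order of secp256r1 (P-256), the one curve U2F uses.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def _app_param(app_id: str) -> bytes:
    # U2F identifies the site to the token by SHA-256 of its application ID.
    return hashlib.sha256(app_id.encode("utf-8")).digest()


def _prf(device_secret: bytes, label: bytes, app_param: bytes, nonce: bytes) -> bytes:
    # Keyed with the per-token secret, so output depends on the card and the site.
    return hmac.new(device_secret, label + app_param + nonce, hashlib.sha256).digest()


def _private_scalar(device_secret: bytes, app_param: bytes, nonce: bytes) -> int:
    # Map the PRF output into [1, n-1], the valid range for a P-256 private key.
    raw = _prf(device_secret, b"key", app_param, nonce)
    return int.from_bytes(raw, "big") % (P256_N - 1) + 1


def wrap_new_key(device_secret: bytes, app_id: str):
    """Registration: create a per-site key and the handle the server will store."""
    app_param = _app_param(app_id)
    nonce = os.urandom(32)
    # Handle = nonce || MAC; it reveals nothing usable without the device secret.
    key_handle = nonce + _prf(device_secret, b"mac", app_param, nonce)
    return key_handle, _private_scalar(device_secret, app_param, nonce)


def unwrap_key(device_secret: bytes, app_id: str, key_handle: bytes) -> int:
    """Authentication: recover the key only for the token and site that made it."""
    if len(key_handle) != 64:
        raise ValueError("malformed key handle")
    app_param = _app_param(app_id)
    nonce, tag = key_handle[:32], key_handle[32:]
    # Constant-time check binds the handle to this token and this application ID.
    if not hmac.compare_digest(tag, _prf(device_secret, b"mac", app_param, nonce)):
        raise ValueError("key handle not issued by this token for this site")
    return _private_scalar(device_secret, app_param, nonce)
```

In a real token the private scalar never leaves the device; the server keeps only the key handle and the matching public key.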