FIDO U2F Support
ghudson at mit.edu
Wed Dec 16 14:42:53 EST 2015
On 12/16/2015 01:32 PM, Martin Gegenleitner wrote:
> Since the wiki-page was updated on 2015-03-17, I wanted to know if there
> is any progress in this project
There has been substantial progress. See:
* We have a draft which hasn't been adopted by the kitten working group
yet (we need to make a few more changes, resubmit it, and then put it in
the queue for adoption).
* I have an in-progress implementation, using placeholder values, which
does the SPAKE exchange using OpenSSL's P-256 curve implementation.
* The next step is to add pluggable interfaces on the KDC and client
side for second factors. This part is difficult.
Despite the lack of second-factor pluggable interfaces, you could
probably implement a proof of concept using the existing code, without
worrying about making it a proper plug-in module.
More information about the krbdev