(In case there is a better place to comment on the CTAP draft, please let me know)
The current Proposed Standard of the CTAP protocol defines for the hmac-secret extension the following requirement:
If "up" is set to false, authenticator returns CTAP2_ERR_UNSUPPORTED_OPTION.
UP is referring to "user presence" e.g. touching the authenticator
This means that currently the use of the hmac-secret extension, which can be used for cases like disk encryption, requires the user to physically touch the authenticator, even after they entered a PIN. This restricts several use cases including completely unattended use of the extension or remote unlocking of encrypted disks through fido2.
In comparison, TPMs allow users to set their own condition for unlocking stored secrets, which means the hmac-secret extension provides only a more restricted and less usable alternative.
What is the reason for this requirement?
If there is no reason why this must be a condition, it should be removed from the specification.
(In case there is a better place to comment on the CTAP draft, please let me know)
The current Proposed Standard of the CTAP protocol defines for the hmac-secret extension the following requirement:
UP is referring to "user presence" e.g. touching the authenticator
This means that currently the use of the hmac-secret extension, which can be used for cases like disk encryption, requires the user to physically touch the authenticator, even after they entered a PIN. This restricts several use cases including completely unattended use of the extension or remote unlocking of encrypted disks through fido2.
In comparison, TPMs allow users to set their own condition for unlocking stored secrets, which means the hmac-secret extension provides only a more restricted and less usable alternative.
What is the reason for this requirement?
If there is no reason why this must be a condition, it should be removed from the specification.