On Oct 24, 2023, at 11:11 AM, <josh.howl...@gmail.com> <josh.howl...@gmail.com> wrote: > That is an interesting idea, but it might be tricky for the supplicant to > validate because provisioning is performed through a browser?
All the supplicant has to know is (a) the FIDO credentials, and (b) the CA certs used for FIDO. These are usually in the web CA store. That should just be calls to the relevant APIs. > Jan-Fred and I have previously discussed the option of provisioning the > supplicant (through the browser) with a credential for the server at the > time of initial PIDO provisioning. This was also looking tricky, but I think > the idea also has merit. Shades of TEAP! Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
