There was a lot of news the other day about passkeys and portability - fidoalliance.org/fido-alliance - that says in part:

"Until now, there has been no standard for the secure movement of credentials, and often the movement of passwords or other credentials has been done in the clear."

This is true, but... there is also still no standard for any of that. The specs are mostly empty placeholders.

fidoalliance.org/specs/cx/cxp-

fidoalliance.org/specs/cx/cxf-

Solid Mitch Hedberg energy here.

mhoye

And, Christ On A Bike, going to press to announce the important developments in your shiny new security protocol, with "Security Considerations: TODO Security" _right there in the text of the spec_, does not fill me with confidence that you are taking this seriously.
