top | item 44823752

reginald78 | 6 months ago

Well, having your passkey provider blocked for doing that might stop you.

https://github.com/keepassxreboot/keepassxc/issues/10407

Of course, they might just block you for not being on a whitelist of approved providers anyway.

tzs|6 months ago

The objection there was not to providing passkey backup. It was to doing it in plain text.

timmyc123|6 months ago

Since you keep posting this link, I'll just keep saying it: there is no credential manager attestation in the consumer synced passkey ecosystem. Period. There is no way to build an allowlist, by design. The consumer synced passkey ecosystem is open.

eddythompson80|6 months ago

That's such a strawman argument. Read the link you pasted again.

anonymars|6 months ago

Strawman? We are talking about this link, right, the one that says:

> I've already heard rumblings that KeepassXC is likely to be featured in a few industry presentations that highlight security challenges with passkey providers, the need for functional and security certification, and the lack of identifying passkey provider attestation (which would allow RPs to block you, and something that I have previously rallied against but rethinking as of late because of these situations).

> The reason we're having a conversation about providers being blocked is because the FIDO Alliance is considering extending attestation to cover roaming keys.

> From this conversation it sounds like the FIDO Alliance is leaning towards making it possible for services to block roaming keys from specific providers.