At BlinkShell we recently added support for WebAuthn for SSH keys. WebAuthn signatures have been a part OpenSSH for a while now, but it looks like we are the first client to do so. You can check out a few cool flows here https://twitter.com/BlinkShell/status/1570427813819486212?s=...
IMO, the best part of Apple adding Passkeys support over WebAuthn is that we are finally able to use Secure Keys as well across all devices. If this takes off, I wonder if it would somehow end up replacing FIDO2 for Secure Keys scenarios as wel.
Freak_NL 582 days ago [-]
For anyone else familiar with WebAuthn but confused about the generic term 'passkey' like I was: the author is probably talking about some new Apple feature for IOS. It looks just like regular WebAuthn from what I can tell.
m0RRSIYB0Zq8MgL 581 days ago [-]
This is a joint development announced by Apple, FIDO, Google, and Microsoft. Passkeys follow the WebAuthn standard but add the functionality of working cross-device without needing to re-enroll and allow one device to authenticate for another near by device (ie phone authenticating log in attempt on laptop).
If you’re familiar with U2F and FIDO2 MFA, Adam Langley’s interview on the “Security, Cryptography, Whatever” podcast is worth listening to for the discussion of what’s happened since and the thinking behind many of the decisions:
Yes, it is WebAuthn + iCloud storage of the client credentials.
arianvanp 582 days ago [-]
Note that Microsoft and Google also agreed to the Passkey terminology and will be adopting it in all their Webauthn-related UIs
throw0101c 582 days ago [-]
Also, there is a draft being working on for credentials transfer:
This document describes a mechanism to transfer digital credentials
securely between two devices. Secure credentials may represent a
digital key to a hotel room, a digital key to a door lock in a house
or a digital key to a car. Devices that share credentials may belong
to the same or two different platforms (e.g. iOS and Android).
Secure transfer may include one or more write and read operations.
Credential transfer needs to be performed securely due to the
sensitive nature of the information.
The author of the pull request wrote a tool to deal with the serialisation/deserialisation which works great and has a passkey option:
https://simplewebauthn.dev/docs/
IMO, the best part of Apple adding Passkeys support over WebAuthn is that we are finally able to use Secure Keys as well across all devices. If this takes off, I wonder if it would somehow end up replacing FIDO2 for Secure Keys scenarios as wel.
https://fidoalliance.org/apple-google-and-microsoft-commit-t...
https://securitycryptographywhatever.buzzsprout.com/1822302/...
https://github.com/w3c/webauthn/pull/1703
Github maintains a Ponyfill for browsers that don't support this standardised serialisation format yet: https://github.com/github/webauthn-json
https://github.com/w3c/webauthn/issues/1616 https://github.com/w3c/webauthn/issues/1255