But requiring exports to be encrypted is the least one can do to maintain a degree of security while still allowing exports.
Why is the protocol dictating the user's security model? I can see why particular applications wouldn't choose to support insecure exports (and would even agree with that), but I genuinely don't understand why the protocol is dictating that an application can't allow users the freedom to choose their own security model. The same issue exists with HSTS, which I've found infuriating when the system is obviously wrong and I have to resort to absurd workarounds as a user because the application is handicapped from giving me an "ignore this" button.

Moreover, "just" password protecting a file isn't allowed by the draft CXP standard (https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20241003.html#...), you have to use an HPKE scheme where the key exchange is manually orchestrated by the user to export offline. I get it from a security perspective, but that's stupid.

The other side of this is the Relying Party, a.k.a. the website operator that is relying on the user's password manager to be decently secure and resistant to phishing. Otherwise, why ditch passwords plus 2FA?

The website already has guarantees against phishing because those are enforced by the managers. What's prevented is the snooping case of taking an export and cloning it without the exporting manager being involved. This is essentially indistinguishable from many legitimate use cases like archival or access to deceased relatives' credentials, which users might want regardless of the website's preferences.

> The website already has guarantees against phishing because those are enforced by the managers.

There is no such guarantee if credential-stealing malware can export your private key material in plaintext!

If the malware can orchestrate the managers, why wouldn't they simply use that power to orchestrate the offline export as they were going to do anyway? The RP ID makes the process a bit noisy, but it doesn't seem to change the fundamental vulnerability for the credential owner.