kaczmarczyck

The browser controls whether U2F or CTAP2, and it's also your privacy advocate. The browser doesn't directly forward the received responses from your security key, but filters necessary information. For...

@bubundas17 Can you tell me more about your use case? It has traditionally been considered a feature that secrets can not leave your security key. I believe there may be...

Users should have the choice whether they want to lock down access to JTAG or not. You can [configure OpenSK](https://github.com/google/OpenSK/blob/f2496a8e6d71a4e838884996a1c9b62121f87df2/tools/configure.py#L187) to be locked down for improved security. I'm not saying...

I opened a new issue #455 to track that. Seems like an independent problem!

The work mentioned by @geofli is tracked under #457. We are looking into the problem of supporting none attestation. Looks like OpenSK is working as intended, but I will keep...

Thanks for the notice! Are there commits before and after crypto migration? I'd be interested in binary size.

I that case, that's hard to compare. At some point in the future, we will peek at hardware crypto and then also take a closer look at other libraries. Thanks!

If I read this correctly, the numbers are still hard to compare. For example, our `decode_complete_data_item` only takes 1.2KiB in `cargo bloat`. This is probably because we compile with `opt-level...

Hi! We are open to the idea of a `ctap` crate. The current implementation does not cleanly separate the logic, transports and drivers. We would need to design an interface...

Thanks for reporting. I'll look into it when I have time. Seems to be not too high impact, since you can always test locally with `run_desktop_tests` and it works on...