Gary Buhrmaster wrote:
> [2] As I understand it, the issue is the
> lack of the required trusted environment
> in generic Linux. There are software
> implementations that do not have the
> hardware enclave protections,
And to be honest, I do not see the problem there. I will use whatever will
let me pass the Fedora security theater checks without investing in extra
hardware. (This also means that if I am offered the choice, I will pick TOTP
over FIDO2 any day, because TOTP does not require me to emulate a fake
hardware crypto device like FIDO2 does.)
And in my view, the fact that, in those implementations, there is no
Treacherous Computing hardware preventing me from doing what I want with my
own private key (e.g., just copying the same key to all my devices, as I can
also do with TOTP) is actually a feature, even if it goes against the
"security" model.
Kevin Kofler