Open authentication standards industry group FIDO Alliance has released a pair of specification drafts for Credential Exchange Protocol and Credential Exchange Format to advance the secure transfer of passkey across various providers, reports BleepingComputer. The specifications aim to increase the adoption of the cryptography-using authentication method.
While CXP details secure credential transfers via the Diffie-Hellman key exchange and hybrid public key encryption, CXF details a standard structure for such credential transfer, with JSON within ZIP being one of the proposed formats, according to FIDO Alliance, which created the drafts with the cooperation of its members and stakeholders.
Stakeholders include Google, Bitwarden, NordPass, Dashlane, and 1Password. Organizations and other experts looking to aid in the development of both specifications have been urged to do so through the "fido-alliance / credential-exchange-feedback" GitHub page.
While FIDO Alliance will continuously update the drafts to include newly added suggestions, it has yet to announce when both specifications will be finalized.