WF-I-3 — WebAuthn PRF output intercepted during unlock
Component: Wallet Frontend. Mitigations: PRF output never transmitted; used in-memory for HKDF derivation only. Action: None required.
| Property | Value |
|---|---|
| Section | Information Disclosure |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-KEY-01 | WSCA WebSocket Key Signing Delegation |
| SID-CRYPTO-02 | PRF Extension Key Derivation |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md