- From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
- Date: Fri, 24 Feb 2017 18:34:40 +0000
- To: public-webauthn@w3.org
IMO it would be better to say something like "In other words, user verification and use of credential private keys must occur within a single logical security boundary" so we do not write in assumptions about authenticator construction. For example, you could do the two operations under different ROEs with an authenticated secure channel between them. -- GitHub Notification of comment by vijaybh Please view or discuss this issue at https://github.com/w3c/webauthn/issues/357#issuecomment-282368183 using your GitHub account
Received on Friday, 24 February 2017 18:34:49 UTC