- From: Adam Syed via GitHub <sysbot+gh@w3.org>
- Date: Sun, 29 Jul 2018 20:36:29 +0000
- To: public-webauthn@w3.org
I'm not familiar with the webauthn spec yet; however, in terms of sharing data, wouldn't you always risk the same issue with an accidental logging? (@ptoomey3 noted it as a possibility in issue #969 ). In hope to start some sort of a discussion: I think that the `Key Copy` method is my favorite as it doesn't relying on any non-trusted devices as you can share the key with other devices in your possession. One thing I am confused about is the tradeoff talking about the RP losing hardware attestation, could you share some material about WebAuthn's hardware attestation capabilities? I would think that any reliance on hardware specific identification would be a generally bad idea as that would complicate the process of moving devices where in a normal key management system, since it is completely software oriented, you can move keys around to different devices without any issues. -- GitHub Notification of comment by suedadam Please view or discuss this issue at https://github.com/w3c/webauthn/issues/931#issuecomment-408704137 using your GitHub account
Received on Sunday, 29 July 2018 20:37:03 UTC