Re: [webauthn] Consider allowing RPs to indicate that they want platform authenticators to be synced across devices

@ptoomey3 
> It feels like the cases where a RP would require an attestation might be the exception and not the rule. So, a default of no attestation would imply that the RP assumes nothing about the authenticator (which is probably fine for the vast majority of RPs). And, if they do want to have restrictions, the RP looks for an attestation from an authenticator capable of that.

Yes, that is how the spec is written. See https://www.w3.org/TR/webauthn/#ref-for-enumdef-attestationconveyancepreference and https://www.w3.org/TR/webauthn/#enumdef-attestationconveyancepreference.

Thanks for linking to the Twitter thread behind @leshi (aka @aczeskis on twit)'s [orig post](https://github.com/w3c/webauthn/issues/969#issue-335502012).

@rlin1 -- your comment wrt key migration/export https://github.com/w3c/webauthn/issues/969#issuecomment-400939998 perhaps is more appropriate for issue #931?




-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/969#issuecomment-401126337 using your GitHub account

Received on Thursday, 28 June 2018 18:16:29 UTC