Re: [webauthn] Add to sec cons a brief discussion of the sec properties accrued by authnr & client platform proximity (#1333) from Nick Mooney via GitHub on 2019-12-12 (public-webauthn@w3.org from December 2019)

From: Nick Mooney via GitHub <sysbot+gh@w3.org>
Date: Thu, 12 Dec 2019 01:18:21 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-564806107-1576113500-sysbot+gh@w3.org>

I think @agl's concerns are partially addressed by the section that discusses what tradeoffs may be made if the client and the authenticator are not being discussed directly. I still see compelling use cases for authentications where a "proximal" transport isn't possible (and I would argue that proximity is a bandaid, not a guarantee).

It would be reasonable to add some discussion more directly of what the benefits of proximity are;  ultimately I think it's a choice that is best left up to implementors equipped with an understanding of the security tradeoffs involved rather than being mandated in any way.

-- 
GitHub Notification of comment by nickmooney
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1333#issuecomment-564806107 using your GitHub account

Received on Thursday, 12 December 2019 01:18:24 UTC