Thanks for the sneak peak. Is there any video demonstrated in RSAC? I'm trying to find it, but I can't. It would be really helpful. Regards, Ki-Eun Shin, Senior Technical Product Manager, SK telecom 2022년 6월 14일 (화) 오전 11:46, Christiaan Brand <cbrand@google.com>님이 작성: > I will repeat what I said at the f2f: we think it’s more important to get > *something* out there that folks can start to play with, than waiting until > all the (arguably important!) features are there. Attestation is one such > feature. Stay tuned. > > On Mon, Jun 13, 2022 at 19:23 John Bradley <jbradley@yubico.com> wrote: > >> I think it needs to be considered single factor phishing resistant. >> >> I don’t know if DPK without attestation is really useful. >> >> It is defiantly better than a password and probably better than password >> plus SMS. >> >> If the expectations are reasonable they are fine with no DPK. >> >> John B. >> >> On Mon, Jun 13, 2022 at 7:19 PM Shane B Weeden <sweeden@au1.ibm.com> >> wrote: >> >>> If there is no attestation on the DPK, then it cannot be considered a >>> trusted indicator of a device-bound risk signal and we’re back to WebAuthn >>> with passkeys essentially providing only first-factor authentication. >>> >>> >>> >>> >>> On 14 Jun 2022, at 2:32 am, Adam Langley <agl@google.com> wrote: >>> >>> This Message Is From an External Sender >>> This message came from outside your organization. >>> >>> On Mon, Jun 13, 2022 at 5:25 PM John Bradley <jbradley@yubico.com> >>> wrote: >>> >>>> For discoverable credentials on Android will the DPK have a safety net >>>> attestation or no attestation until there is a new format? >>>> >>> >>> No attestation, by current plans. >>> >>> >>> Cheers >>> >>> AGL >>> >>> >>>
Received on Tuesday, 14 June 2022 03:14:51 UTC