[webauthn] also cite the other extant TLS channel binding mechanisms? from =JeffH via GitHub on 2016-08-16 (public-webauthn@w3.org from August 2016)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 16 Aug 2016 22:55:22 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-171537093-1471388120-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for 
https://github.com/w3c/webauthn:

== also cite the other extant TLS channel binding mechanisms? ==
the webauthn spec presently cites only the work-in-progress IETF Token
 Binding specs for purposes of cryptographically binding to the 
underlying TLS channel. platform support for that spec will be 
forthcoming but not overnight (plus the spec is not finalized). there 
are other extant TLS channel binding mechanisms -- the Channel ID mech
 (impl'd in chrome) and the RFC5929 mechs. though RFC5929 tls-unique 
is proven insecure and is deprecated, tls-server-end-point remains at 
least conceptually viable and if there is support for it in the wild 
it should perhaps be cited (as an option) since token binding is only 
emergent. 

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/168 using your GitHub account

Received on Tuesday, 16 August 2016 22:55:28 UTC