equalsJeffH has just created a new issue for https://github.com/w3c/webauthn: == also cite the other extant TLS channel binding mechanisms? == the webauthn spec presently cites only the work-in-progress IETF Token Binding specs for purposes of cryptographically binding to the underlying TLS channel. platform support for that spec will be forthcoming but not overnight (plus the spec is not finalized). there are other extant TLS channel binding mechanisms -- the Channel ID mech (impl'd in chrome) and the RFC5929 mechs. though RFC5929 tls-unique is proven insecure and is deprecated, tls-server-end-point remains at least conceptually viable and if there is support for it in the wild it should perhaps be cited (as an option) since token binding is only emergent. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/168 using your GitHub accountReceived on Tuesday, 16 August 2016 22:55:28 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:22 UTC