Re: [webauthn] Remove attestation specification from spec from gmandyam via GitHub on 2016-07-28 (public-webauthn@w3.org from July 2016)

From: gmandyam via GitHub <sysbot+gh@w3.org>
Date: Thu, 28 Jul 2016 18:18:39 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-235980398-1469729918-sysbot+gh@w3.org>

But the spec does not provide sufficient information on the 
attestation formats.  For instance, the SafetyNet attestation links to
 a webpage hosted outside of the W3C, and in my opinion describes a 
proprietary format (e.g. there is no description how the boolean 
"ctsProfileMatch" is determined).  I don't see a purpose in providing 
descriptions of proprietary attestation formats in the specification -
 that can be done via a registry (pointing to an outside specification
 if necessary).  

Keeping the packed attestation in the spec is fine, as it is 
fully-defined in the WebAuthn specification.  The other stuff can go 
in a registry.

-- 
GitHub Notification of comment by gmandyam
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/108#issuecomment-235980398 
using your GitHub account

Received on Thursday, 28 July 2016 18:18:47 UTC