- From: Yaron Sheffer <yaron_sheffer@intuit.com>
- Date: Thu, 15 Sep 2016 13:49:45 +0200
- To: <Andreas.Wallner@infineon.com>, <vijaybh@microsoft.com>, <public-webauthn@w3.org>
Received on Thursday, 15 September 2016 11:50:59 UTC
Hi Vijay,

I'm afraid I missed your response to my comments. Could you please resend it?

Thanks,
Yaron

On September 15, 2016 10:56:11 AM CEST, Andreas.Wallner@infineon.com wrote:
>Hi,
>
>Just a small comment to one of the points raised:
>
>* 4.1.1 step #4: do we define any mandatory-to-implement
>algorithms or credential types? It's hard to get interoperability if we
>don't.
>
>> I believe the goal was to wait for initial implementations, and then
>assess the state of algorithm support. Only one credential type is
>supported for now, so that one is okay.
>
>I see a possible problem with this approach: When thinking e.g. about
>FIDO we are talking about authenticators that have a pretty hard time
>being very crypto-agile (because one e.g. can’t easily find a certified
>secure controller that supports very modern algorithms like SHA-3) and
>achieving high security (platform based on secure element). In the WD
>there is already a list of mandatory algorithms (server side) for the
>attestation, should we maybe do the same for the credential?
>
>Andreas

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.