[webauthn] overall security considerations section or document from =JeffH via GitHub on 2017-01-20 (public-webauthn@w3.org from January 2017)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 20 Jan 2017 18:45:59 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-202213285-1484937958-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for 
https://github.com/w3c/webauthn:

== overall security considerations section or document ==
Presently, the webauthn spec only has security (and privacy) 
considerations (sec cons) for Attestation. There are actually much 
more broad sec cons to document, especially given this is both a Web 
API and a cryptographic protocol spec.  For an example of 
comprehensive sec cons that are largely applicable to WebAuthn, see: 

https://fidoalliance.org/specs/fido-uaf-v1.1-rd-20161005/fido-security-ref-v1.1-rd-20161005.html





Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/322 using your GitHub account

Received on Friday, 20 January 2017 18:46:05 UTC