W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2017

Re: [webauthn] public key cred - fixes #406

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Tue, 02 May 2017 22:53:45 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-298783767-1493765624-sysbot+gh@w3.org>
@AngeloKai In your informal vote, what did your coworkers think a device- or authenticator-bound credential would imply? What did they think a public-key credential would imply?

IIUC, with self-attested keys, there's not actually a guarantee that the key is bound to the client? Whereas there is always a public/private key pair involved?

(None of the ScopedCredential interface survived the first TAG review: they said to merge it into Credential Manager.)

-- 
GitHub Notification of comment by jyasskin
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/432#issuecomment-298783767 using your GitHub account
Received on Tuesday, 2 May 2017 22:53:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:36 UTC