- From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
- Date: Tue, 02 May 2017 22:53:45 +0000
- To: public-webauthn@w3.org
@AngeloKai In your informal vote, what did your coworkers think a device- or authenticator-bound credential would imply? What did they think a public-key credential would imply? IIUC, with self-attested keys, there's not actually a guarantee that the key is bound to the client? Whereas there is always a public/private key pair involved? (None of the ScopedCredential interface survived the first TAG review: they said to merge it into Credential Manager.) -- GitHub Notification of comment by jyasskin Please view or discuss this issue at https://github.com/w3c/webauthn/pull/432#issuecomment-298783767 using your GitHub account
Received on Tuesday, 2 May 2017 22:53:52 UTC