Re: [webauthn] Adding a choice for RP to express preferences for attestation types from Akshay Kumar via GitHub on 2017-11-10 (public-webauthn@w3.org from November 2017)

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Fri, 10 Nov 2017 19:32:06 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-343565111-1510342325-sysbot+gh@w3.org>

Your use cases are valid, but the proposed language allows a browser to reject direct attestation always and that is against the spirit of the compromise that we've discussed at TPAC2017. To find another compromise for the situations that you bring up, can we change the language as follows:

<dfn>direct</dfn> - indicates that the [=[RP]=] requires to receive the attestation directly
from the authenticator. In this case, the Platform MUST provide non-modified attestation statement from the authenticator. Platform MAY ask for user consent in privacy sensitive modes of operation such as Incognito or Private browsing, 



-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/636#issuecomment-343565111 using your GitHub account

Received on Friday, 10 November 2017 19:32:08 UTC