- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Fri, 10 Nov 2017 19:32:06 +0000
- To: public-webauthn@w3.org
Your use cases are valid, but the proposed language allows a browser to reject direct attestation always and that is against the spirit of the compromise that we've discussed at TPAC2017. To find another compromise for the situations that you bring up, can we change the language as follows: <dfn>direct</dfn> - indicates that the [=[RP]=] requires to receive the attestation directly from the authenticator. In this case, the Platform MUST provide non-modified attestation statement from the authenticator. Platform MAY ask for user consent in privacy sensitive modes of operation such as Incognito or Private browsing, -- GitHub Notification of comment by akshayku Please view or discuss this issue at https://github.com/w3c/webauthn/pull/636#issuecomment-343565111 using your GitHub account
Received on Friday, 10 November 2017 19:32:08 UTC