- From: Alex Radutskiy via GitHub <sysbot+gh@w3.org>
- Date: Wed, 15 Nov 2017 18:18:17 +0000
- To: public-webauthn@w3.org
@christiaanbrand said: > Telling an RP that you're using a Yubico token vs a Feitian token is a choice we think we need to involve the user in. If this the principle you want to uphold, then you MUST show it for both privacy or direct attestation IMO. As a user, why should I feel more comfortable giving my private information to some thing called "privacy CA" run by a corporation and not comfortable giving it to an RP run by another or even same corporation? But if we go down that route, we would either be killing attestation because RPs would never want to deal with "scary" warnings that users say no to OR we are creating a warning that users ignore. I think we can agree that warnings that users ignore are not only useless, but are detrimental to other useful warnings. Do we think that attestation is also useless or bad? -- GitHub Notification of comment by alradmsft Please view or discuss this issue at https://github.com/w3c/webauthn/pull/636#issuecomment-344681504 using your GitHub account
Received on Wednesday, 15 November 2017 18:18:18 UTC