Re: [webauthn] TPM Attestation Statement Format: Missing COSE Key algorithm Identifier and clarification. from Jeffrey Yasskin via GitHub on 2017-11-15 (public-webauthn@w3.org from November 2017)

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Wed, 15 Nov 2017 21:54:32 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-344741020-1510782871-sysbot+gh@w3.org>

Double-checking: does the existence of SHA-1 collisions make these attestations fundamentally insecure? If so, it probably doesn't make sense to support RPs trusting them. If not, please ignore me. :)

-- 
GitHub Notification of comment by jyasskin
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/689#issuecomment-344741020 using your GitHub account

Received on Wednesday, 15 November 2017 21:54:35 UTC