Re: [webauthn] Make packed attestation format Privacy CA-friendly

To Adam's comment, I am more comfortable with just blinding the "CA" to the RP ID rather than removing the audience totally.
It may be a mistake to call this a privacy CA. It is more of a blinding proxy for the attestation.

If the RP ID can be hashed with a nonce before going to the FIDO client, then CTAP would not necessarily need a new attestation format. The proxy would need a new attestation type so that the client would know how to verify the blinded RP_ID, but other than that the packed format could stay the same.

-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/584#issuecomment-334304592 using your GitHub account

Received on Wednesday, 4 October 2017 22:12:02 UTC