Re: [webauthn] Make packed attestation format Privacy CA-friendly

To Adam's comment, I am more comfortable with just blinding the "CA" to the RP ID rather than removing the audience totally.
It may be a mistake to call this a privacy CA. It is more of a blinding proxy for the attestation.

If the RP ID can be hashed with a nonce before going to the FIDO client, then CTAP would not necessarily need a new attestation format. The proxy would need a new attestation type so that the client would know how to verify the blinded RP_ID, but other than that the packed format could stay the same.

GitHub Notification of comment by ve7jtb
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 4 October 2017 22:12:02 UTC