- From: SAHF via GitHub <sysbot+gh@w3.org>
- Date: Thu, 05 Oct 2017 00:32:47 +0000
- To: public-webauthn@w3.org
For context: I know little about WebAuthn & my comments were pretty off-the-cuff. My concern was that chain building in HTTPS is a (very) complex topic & that without specific guidance, WebAuthn implementors may reuse features of HTTPS implementations—maybe even inadvertently! So if you intend the verification procedure here to be simpler than what it is in HTTPS, it is probably worth writing out the procedure in detail, and/or specifically proscribing HTTPS features that you intend to avoid (such as critical extensions). -- GitHub Notification of comment by SAHF Please view or discuss this issue at https://github.com/w3c/webauthn/issues/605#issuecomment-334327047 using your GitHub account
Received on Thursday, 5 October 2017 00:32:37 UTC