
Re: [webauthn] Make packed attestation format Privacy CA-friendly

From: John Bradley via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Oct 2017 00:59:09 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-334330569-1507165135-sysbot+gh@w3.org>
Good point. That method of blinding won't work.

That leaves us with needing to change the attestation from the Authenticator to support this.  

What are the security implications of leaving an audience out of the attestation? Is there anything else that is currently passed to the Authenticator that could also be used as an audience?

The format returned needs to work both directly and with a privacy CA, or whatever it is called, or it will require opening up CTAP just when we thought that we were done.

-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/584#issuecomment-334330569 using your GitHub account
Received on Thursday, 5 October 2017 00:58:58 UTC
