- From: John Bradley via GitHub <sysbot+gh@w3.org>
- Date: Thu, 05 Oct 2017 00:59:09 +0000
- To: public-webauthn@w3.org
Good point. That method of blinding won't work. That leaves us with needing to change the attestation from the Authenticator to support this. What are the security implications of leaving a audiance out of the attestation. Is there anything else that is currently passed to the Authenticator that could also be used as an audiance? The format returned needs to work both directly and with a privacy CA or whatever it is called or it will require opening up CTAP just when we thought that we were done. -- GitHub Notification of comment by ve7jtb Please view or discuss this issue at https://github.com/w3c/webauthn/issues/584#issuecomment-334330569 using your GitHub account
Received on Thursday, 5 October 2017 00:58:58 UTC