
Re: [webauthn] Make packed attestation format Privacy CA-friendly

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Oct 2017 13:28:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-334464584-1507210099-sysbot+gh@w3.org>

Dirk's proposal seems like delegation of generating the attestation signature from the authenticator to the Privacy CA (actually it's not in the context of TPM and WebAuthn). This is sometimes called a proxy signature scheme. Usually, this approach is used in applications like grid computing and mobile computing, in which the client has limited resources to sign the message. It's not for the privacy of the original signer (authenticator and user).
In the current WebAuthn spec there is no such delegation of the signing right to other components, which has some privacy risk of leaking the to-be-signed message to the proxy signer.
I think we need to clarify what we want to solve. 

GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/584#issuecomment-334464584 using your GitHub account
Received on Thursday, 5 October 2017 13:29:03 UTC
