Re: [webauthn] Adding a choice for RP to express preferences for attestation types from Emil Lundberg via GitHub on 2017-10-19 (public-webauthn@w3.org from October 2017)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 19 Oct 2017 08:29:03 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-337836885-1508401742-sysbot+gh@w3.org>

@akshayku It looks like you're confusing _attestation statement formats_ ("signing/verification procedures") and  _attestation types_ ("trust models"). The two are distinct: `packed`, `tpm`, `andoid-key`, `android-safetynet` and `fido-u2f` are the currently defined attestation statement formats and "Self Attestation", "Basic Attestation", "Privacy CA" and "ECDAA" are the currently defined attestation types. Each attestation statement format can convey some nonempty subset of the attestation types. I'm not suggesting any new attestation statement formats or attestation types, the only thing new I suggest is `none` as a pseudo-attestation type used only in this preference parameter to tell the client that any attestation statement will be completely ignored.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/636#issuecomment-337836885 using your GitHub account

Received on Thursday, 19 October 2017 08:29:09 UTC