- From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
- Date: Thu, 19 Oct 2017 12:10:20 +0000
- To: public-webauthn@w3.org
In the view point of RP, RP cannot differentiate between Basic and Privacy CA from the attestation data. Since both attestation data have same structure having `x5c`. So, if `x5c` is present, it would be Basic or Privacy CA attestation type. Thus, the verification procedures for both are same. The thing is that there is no way for RP to know that received attestation is Basic or Privacy type. Sometime, RP may want to get attestation types for evaluate security and privacy risk. -- GitHub Notification of comment by Kieun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/656#issuecomment-337888194 using your GitHub account
Received on Thursday, 19 October 2017 12:10:22 UTC