Re: [webauthn] RP guidelines should allow RP to not check attestation from Angelo Liao via GitHub on 2017-10-25 (public-webauthn@w3.org from October 2017)

From: Angelo Liao via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Oct 2017 18:54:09 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-339434017-1508957648-sysbot+gh@w3.org>

It's a good idea to not have the MUST keyword in the RP verification description, I don't believe we can ever impose conformance requirement to RPs. That is beyond the control of anyone. Although FIDO has certified servers, that is purely FIDO's business not W3C's. 

Overall the issue is editorial. I am assigning the issue to CR time for clarification. 

@equalsJeffH @nadalin @YubicoDemo for tracking. 

-- 
GitHub Notification of comment by AngeloKai
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/576#issuecomment-339434017 using your GitHub account

Received on Wednesday, 25 October 2017 18:54:11 UTC