- From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
- Date: Tue, 19 Sep 2017 16:29:09 +0000
- To: public-webauthn@w3.org
jyasskin has just created a new issue for https://github.com/w3c/webauthn: == RP guidelines should allow RP to not check attestation == A Relying Party who merely wants to use public-key credentials without caring how well the private key is protected could get by without including code to parse the attestations, especially after #557 is fixed. However, as @emlun pointed out there, http://w3c.github.io/webauthn/#registering-a-new-credential currently says the RP MUST validate the attestation statement they receive. We should probably provide an explicit path in that algorithm to avoid parsing the attestation statement. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/576 using your GitHub account
Received on Tuesday, 19 September 2017 16:29:01 UTC