Re: [webauthn] RP guidelines should allow RP to not check attestation

Perhaps this isn't a big issue, but one caveat of this is that if the RP does not parse the attestation statement then it also cannot verify the registration signature, so there is no cryptographic proof that the client has access to the corresponding private key.

One counterpoint is that the ritual will be performed over HTTPS anyway, and should be resistant to network MitM attacks, but this would still be vulnerable to cross-site scripting attacks that make it onto an HTTPS page. If the registration signature is not verified then a script could replace the public key and credential ID with one hard-coded into the attack payload. Verifying the signature at least requires the attacker to be able to dynamically generate the correct signature for the substituted public key.

Of course, this weakness applies only at registration time and if there's XSS you're probably screwed either way, so my point may be moot. It just feels exceptionally wrong to explicitly allow the signature to go unverified.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/576#issuecomment-330632001 using your GitHub account

Received on Tuesday, 19 September 2017 18:38:12 UTC
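As an added illustration of the verification step the comment is about (not code from this thread, the spec, or any RP library): a Go model of packed self-attestation in which the RP extracts the credential public key from authenticatorData and checks the registration signature over authData || SHA-256(clientDataJSON) with that key, so a response whose public key was swapped by a script but whose signature was left untouched fails. Assumptions: the key is embedded as a raw uncompressed P-256 point rather than a COSE_Key, and the RP ID, credential ID and clientDataJSON are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// authData layout with AT set: rpIdHash(32) || flags(1) || signCount(4) || aaguid(16) || credIdLen(2) || credId || key.
// Assumption for brevity: the key is a raw 65-byte uncompressed P-256 point rather than a COSE_Key.
const fixedHdr = 32 + 1 + 4 + 16 // bytes before credIdLen
func buildAuthData(rpID string, credID []byte, pub *ecdsa.PublicKey) []byte {
	h := sha256.Sum256([]byte(rpID))
	out := append(h[:], 0x41, 0, 0, 0, 1)   // flags UP|AT, then signature counter = 1
	out = append(out, make([]byte, 16)...) // AAGUID, all zero for self attestation
	out = append(out, byte(len(credID)>>8), byte(len(credID)))
	out = append(out, credID...)
	return append(out, elliptic.Marshal(elliptic.P256(), pub.X, pub.Y)...)
}

// verifyRegistration is the RP-side check the comment argues for: verify sig with the key carried in authData.
// Packed self-attestation signs SHA-256(authData || clientDataHash) with the credential private key.
func verifyRegistration(authData, clientDataHash, sig []byte) bool {
	if len(authData) < fixedHdr+2 || authData[32]&0x40 == 0 {
		return false // too short, or AT flag clear: no attested credential data
	}
	keyStart := fixedHdr + 2 + (int(authData[fixedHdr])<<8 | int(authData[fixedHdr+1]))
	if keyStart+65 != len(authData) {
		return false // the key must be exactly the 65 bytes that close the structure
	}
	x, y := elliptic.Unmarshal(elliptic.P256(), authData[keyStart:])
	if x == nil {
		return false // not a valid point on P-256
	}
	digest := sha256.Sum256(append(append([]byte{}, authData...), clientDataHash...))
	return ecdsa.VerifyASN1(&ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, digest[:], sig)
}

// registerAndSwap: the genuine response verifies; the same response with the key swapped by injected script does not.
func registerAndSwap() (genuineOK, swappedOK bool) {
	authKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	attackerKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cdh := sha256.Sum256([]byte(`{"type":"webauthn.create","challenge":"constructed"}`)) // constructed clientDataJSON
	authData := buildAuthData("example.com", []byte("cred-id-01"), &authKey.PublicKey)
	digest := sha256.Sum256(append(append([]byte{}, authData...), cdh[:]...))
	sig, _ := ecdsa.SignASN1(rand.Reader, authKey, digest[:])
	swapped := buildAuthData("example.com", []byte("cred-id-01"), &attackerKey.PublicKey)
	return verifyRegistration(authData, cdh[:], sig), verifyRegistration(swapped, cdh[:], sig)
}
```

An attacker who wants the swapped key accepted would have to produce a fresh signature with the matching private key, which is exactly the bar the comment says signature verification raises.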