Re: [webauthn] Make packed attestation format Privacy CA-friendly

There might not be an enrollment process between the authenticator and the Privacy-CA. There is not, for example, in current U2F tokens.

As an alternative to Dirk's scheme, the RP ID should be replaced in the signed message with H(blind + RP ID). The Privacy-CA would still see the structure of the message that it was signing, but the blind would only be disclosed to the RP by the client.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/584#issuecomment-333258435 using your GitHub account

Received on Friday, 29 September 2017 23:02:44 UTC
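
The blinding proposed in the comment above, as an added sketch that is not part of the original message, the issue thread, or the WebAuthn specification. It assumes H is SHA-256, "+" is byte concatenation, and the blind is a fixed 32 random bytes; the function names and the sample RP IDs are hypothetical.

```python
import hashlib
import hmac
import secrets

BLIND_LEN = 32  # assumption: fixed length, so blind || rp_id splits unambiguously


def new_blind() -> bytes:
    """Client: draw a fresh random blind for every attestation request."""
    return secrets.token_bytes(BLIND_LEN)


def blinded_rp_id(blind: bytes, rp_id: str) -> bytes:
    """H(blind + RP ID): the value that replaces the RP ID in the signed message."""
    if len(blind) != BLIND_LEN:
        raise ValueError("blind must be exactly BLIND_LEN bytes")
    return hashlib.sha256(blind + rp_id.encode("utf-8")).digest()


def rp_accepts(own_rp_id: str, disclosed_blind: bytes, signed_field: bytes) -> bool:
    """RP: recompute the hash from its own RP ID and the blind the client disclosed."""
    if len(disclosed_blind) != BLIND_LEN:
        return False
    expected = blinded_rp_id(disclosed_blind, own_rp_id)
    return hmac.compare_digest(expected, signed_field)


def privacy_ca_can_confirm(candidate_rp_id: str, signed_field: bytes) -> bool:
    """Privacy-CA: it holds only signed_field, so the best it can do is hash a
    guessed RP ID without the blind, which never reproduces the field."""
    guess = hashlib.sha256(candidate_rp_id.encode("utf-8")).digest()
    return hmac.compare_digest(guess, signed_field)


if __name__ == "__main__":
    rp_id = "login.example.com"            # constructed sample RP ID
    blind = new_blind()
    field = blinded_rp_id(blind, rp_id)    # sent to the Privacy-CA inside the message
    print("Privacy-CA sees:      ", field.hex())
    print("CA confirms a guess:  ", privacy_ca_can_confirm(rp_id, field))
    print("RP accepts:           ", rp_accepts(rp_id, blind, field))
    print("Other RP accepts:     ", rp_accepts("evil.example.net", blind, field))
    # A second request for the same RP uses a new blind, so the CA cannot link them.
    print("Same RP, same field:  ", blinded_rp_id(new_blind(), rp_id) == field)
```
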