W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2018

Re: [webauthn] spec is missing baseline posture that credential source is bound to a particular authenticator (#1122)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 19 Dec 2018 15:38:08 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-448638771-1545233886-sysbot+gh@w3.org>
There is one brief mention of this buried deep in the middle of [ยง4. Terminology > Client-side-resident Public Key Credential Source][1]:

>[...] By definition, the credential private key is always exclusively controlled by the authenticator. [...]

[1]: https://w3c.github.io/webauthn/#client-side-resident-public-key-credential-source

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1122#issuecomment-448638771 using your GitHub account
Received on Wednesday, 19 December 2018 15:38:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:59 UTC