- From: Mike Jones via GitHub <sysbot+gh@w3.org>
- Date: Mon, 26 Feb 2018 18:25:10 +0000
- To: public-webauthn@w3.org
Thanks for the idea, @agl . For what it's worth, as WebAuthn / FIDO 2 are using RSA-SSA-SHA-1, what we're concerned about is the TPM 1 signing output using this algorithm, which have no way of altering. But yes, we have to get past the Designated Experts to even register the algorithm. I plan to work with Sean Turner (also one of the DEs) at IETF in London on what we should do. Sean was one of the authors of https://tools.ietf.org/html/rfc6194 (Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms), and so is an authority on the Subject. -- GitHub Notification of comment by selfissued Please view or discuss this issue at https://github.com/w3c/webauthn/issues/822#issuecomment-368599166 using your GitHub account
Received on Monday, 26 February 2018 18:25:16 UTC