W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2018

Re: [webauthn] Public key rules for "packed" attestation type

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Wed, 11 Jul 2018 13:58:21 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-404179370-1531317500-sysbot+gh@w3.org>
Understood. Essentially this defers acceptance criteria to RP policy, which means choices or configuration of whitelist/blacklist of key types/algorithms, leading to potential interoperability challenges. Perhaps if the spec just indicated that the acceptability of a particular key type and subsequent signature validation algorithm is at the discretion of the RP that would at least explain the intent to would-be implementors who read it later.

-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/981#issuecomment-404179370 using your GitHub account
Received on Wednesday, 11 July 2018 13:58:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:52 UTC