Re: [webauthn] Add RP conformance section on ignoring attestation

Thanks for writing this up @emlun. This appears to be useful info that we do not already address. Though, it seems to me to be more security considerations material than conformance. 

In looking through it I notice that we probably ought to explicitly address the case of "none" attestation in the [Registering a new credential]( RP ops subsection, at least in step 14 (since the "none" attStmt format is the only one without a sig to verify).

There's various polishing and terminological fixes I'd offer but will wait on doing so since I'm betting we'll address this issue & PR for PR-milestone and we're presently still trying to attain  CR.  thanks again. 

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at using your GitHub account

Received on Friday, 9 March 2018 23:50:44 UTC