- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Fri, 09 Mar 2018 23:50:41 +0000
- To: public-webauthn@w3.org
Thanks for writing this up @emlun. This appears to be useful info that we do not already address. Though, it seems to me to be more security considerations material than conformance. In looking through it I notice that we probably ought to explicitly address the case of "none" attestation in the [Registering a new credential](https://www.w3.org/TR/2018/WD-webauthn-20180306/#registering-a-new-credential) RP ops subsection, at least in step 14 (since the "none" attStmt format is the only one without a sig to verify). There's various polishing and terminological fixes I'd offer but will wait on doing so since I'm betting we'll address this issue & PR for PR-milestone and we're presently still trying to attain CR. thanks again. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/pull/829#issuecomment-371978052 using your GitHub account
Received on Friday, 9 March 2018 23:50:44 UTC