Re: [webauthn] Platform authenticators and key stores

discussed on 2018-03-28 webauthn call: @christiaanbrand acks that they have been thinking about this -- thinks their current impl ignores the spec in this case...  at least on Android, they know that a "key got wiped" and so can be smarter about it, but am not sure all platforms have that info available.

@akshayku how do you know to fallback to the external authnrs in this case?

@christiaanbrand: android knows that a key existed at one time.  wonders whether we ought to introduce the attachment parm to the get() request (#getAssertion). this is not optimal soln because what if user is using different profiles/personas (?).... need to think about this.

@akshayku: windows has system restore notion which wipes the entire machine and all knowledge goes away....  platformResident keys will disappear...

@christiaanbrand: there's a bunch of subtleties to this and wishes to discuss this further

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 28 March 2018 17:59:02 UTC