W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2018

Re: [webauthn] Platform authenticators and key stores

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 28 Mar 2018 17:58:59 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-376979013-1522259937-sysbot+gh@w3.org>
discussed on 2018-03-28 webauthn call: @christiaanbrand acks that they have been thinking about this -- thinks their current impl ignores the spec in this case...  at least on Android, they know that a "key got wiped" and so can be smarter about it, but am not sure all platforms have that info available.

@akshayku how do you know to fallback to the external authnrs in this case?

@christiaanbrand: android knows that a key existed at one time.  wonders whether we ought to introduce the attachment parm to the get() request (#getAssertion). this is not optimal soln because what if user is using different profiles/personas (?).... need to think about this.

@akshayku: windows has system restore notion which wipes the entire machine and all knowledge goes away....  platformResident keys will disappear...

@christiaanbrand: there's a bunch of subtleties to this and wishes to discuss this further

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/851#issuecomment-376979013 using your GitHub account
Received on Wednesday, 28 March 2018 17:59:02 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC