Re: [webauthn] Fix #593 - Refer to RFC 8266 for RP-controlled UI strings from Peter Saint-Andre via GitHub on 2018-05-10 (public-webauthn@w3.org from May 2018)

From: Peter Saint-Andre via GitHub <sysbot+gh@w3.org>
Date: Thu, 10 May 2018 16:42:44 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-388111270-1525970563-sysbot+gh@w3.org>

We discussed this issue on the i18n WG call this morning and concluded that we would like to understand the context and attack surface more fully. In particular, what prevents an RP from (say) [asserting it is Stripe](https://www.comodoca.com/en-us/about/blog/on-comodo-ca%e2%80%99s-recent-revocation-of-an-ssl-certifi/) and does an attacker really need to go through all the headaches of an internationalized spoofing attack if something much simpler is possible?

-- 
GitHub Notification of comment by stpeter
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/878#issuecomment-388111270 using your GitHub account

Received on Thursday, 10 May 2018 16:42:46 UTC