Re: [webauthn] Leap of Faith not only for Self and None Attestation Types from Emil Lundberg via GitHub on 2018-10-01 (public-webauthn@w3.org from October 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 01 Oct 2018 13:44:43 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-425912877-1538401482-sysbot+gh@w3.org>

Hm, I think you are right. In fact, perhaps we should just delete the whole section [§13.3.1. Considerations for Self and None Attestation Types and Ignoring Attestation][sec], and also remove "Registration and" from item (3) in [§13.3. Security Benefits for WebAuthn Relying Parties][secben].

Biometric user verification also wouldn't help, since that only verifies what was established at registration time.

[sec]: https://www.w3.org/TR/webauthn/#sctn-no-attestation-security-attestation
[secben]: https://www.w3.org/TR/webauthn/#sctn-rp-benefits

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1088#issuecomment-425912877 using your GitHub account

Received on Monday, 1 October 2018 13:44:45 UTC