Re: [webauthn] Leap of Faith not only for Self and None Attestation Types

Hm, I think you are right. In fact, perhaps we should just delete the whole section [§13.3.1. Considerations for Self and None Attestation Types and Ignoring Attestation][sec], and also remove "Registration and" from item (3) in [§13.3. Security Benefits for WebAuthn Relying Parties][secben].

Biometric user verification also wouldn't help, since that only verifies what was established at registration time.


GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Monday, 1 October 2018 13:44:45 UTC