Re: [webauthn] Leap of Faith not only for Self and None Attestation Types

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 01 Oct 2018 13:44:43 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-425912877-1538401482-sysbot+gh@w3.org>

Hm, I think you are right. In fact, perhaps we should just delete the whole section [§13.3.1. Considerations for Self and None Attestation Types and Ignoring Attestation][sec], and also remove "Registration and" from item (3) in [§13.3. Security Benefits for WebAuthn Relying Parties][secben].

Biometric user verification also wouldn't help, since that only verifies what was established at registration time.

[sec]: https://www.w3.org/TR/webauthn/#sctn-no-attestation-security-attestation
[secben]: https://www.w3.org/TR/webauthn/#sctn-rp-benefits

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1088#issuecomment-425912877 using your GitHub account
Received on Monday, 1 October 2018 13:44:45 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:35 UTC