Re: [webauthn] Leap of Faith not only for Self and None Attestation Types

From: milesstoetzner via GitHub <sysbot+gh@w3.org>
Date: Wed, 10 Oct 2018 09:01:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-428494643-1539162101-sysbot+gh@w3.org>

I just wanted to point out that my assumption about an existing MiM is taken from the [specification](https://www.w3.org/TR/webauthn/#sctn-no-attestation-security-attestation) - extended by the fact that the attacker can own an Authenticator accepted by the RP and, therefore, is able to create a valid AttestationObject using all kinds of AttestationTypes (not just Self or None).

-- 
GitHub Notification of comment by milesstoetzner
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1088#issuecomment-428494643 using your GitHub account
Received on Wednesday, 10 October 2018 09:01:49 UTC