Re: [webauthn] Leap of Faith not only for Self and None Attestation Types

I just wanted to point out, that my assumption about an existing MiM is taken from the [specification]( - extended by the fact, that the attacker can own an by the RP accepted Authenticator and ,therefore, is able to create a valid AttestationObject using all kinds of AttestationTypes (not just Self or None).

GitHub Notification of comment by milesstoetzner
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 10 October 2018 09:01:49 UTC