W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2018

[webauthn] Clarify language in Section 13 'Security Considerations'

From: brentfulgham via GitHub <sysbot+gh@w3.org>
Date: Mon, 15 Oct 2018 17:22:37 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-370263060-1539624156-sysbot+gh@w3.org>
brentfulgham has just created a new issue for https://github.com/w3c/webauthn:

== Clarify language in Section 13 'Security Considerations' ==
Section 13 "Security Considerations" is normative. The second paragraph (beginning "At this
time") twice uses unclear language ("which is/are overall applicable").
Is this normative?

The second case ("defines…security characteristics which are overall applicable") is particularly concerning, as the referenced document defines multiple levels of conformance, and it's
unclear which (if any) this is attempting to invoke.

Proposed change:
"Also, the [FIDOAuthnrSecReqs] document suite defines authenticator security characteristics which are overall applicable for WebAuthn authenticators." 

... and replace with:

"Also the [FIDOAuthnrSecReqs] document suite provides useful information about authenticator security characteristics."

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1097 using your GitHub account
Received on Monday, 15 October 2018 17:22:38 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:35 UTC