[webauthn] Clarify language in Section 13 'Security Considerations'

brentfulgham has just created a new issue for https://github.com/w3c/webauthn:

== Clarify language in Section 13 'Security Considerations' ==
Section 13 "Security Considerations" is normative. The second paragraph (beginning "At this
time") twice uses unclear language ("which is/are overall applicable").
Is this normative?

The second case ("defines…security characteristics which are overall applicable") is particularly concerning, as the referenced document defines multiple levels of conformance, and it's
unclear which (if any) this is attempting to invoke.

Proposed change:
Strike:
"Also, the [FIDOAuthnrSecReqs] document suite defines authenticator security characteristics which are overall applicable for WebAuthn authenticators." 

... and replace with:

"Also the [FIDOAuthnrSecReqs] document suite provides useful information about authenticator security characteristics."

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1097 using your GitHub account

Received on Monday, 15 October 2018 17:22:38 UTC