Re: [webauthn] Allow authenticators to do None instead of Self attestation (#1182) from Emil Lundberg via GitHub on 2019-04-05 (public-webauthn@w3.org from April 2019)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 05 Apr 2019 08:30:52 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-480193209-1554453050-sysbot+gh@w3.org>

Yeah. This does apply to non-CTAP authenticators, but this was done mostly for internal consistency reasons since it seemed contradictory that "authenticators MUST also provide some form of attestation" while the spec also supports the None attestation format. It's probably not terribly useful to sync this into CTAP, since most of the point of hardware authenticators is that they're capable of protecting secrets such as an attestation key.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1182#issuecomment-480193209 using your GitHub account

Received on Friday, 5 April 2019 08:31:53 UTC