W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2019

Re: [webauthn] Allow authenticators to do None instead of Self attestation (#1182)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 05 Apr 2019 08:30:52 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-480193209-1554453050-sysbot+gh@w3.org>
Yeah. This does apply to non-CTAP authenticators, but this was done mostly for internal consistency reasons since it seemed contradictory that "authenticators MUST also provide some form of attestation" while the spec also supports the None attestation format. It's probably not terribly useful to sync this into CTAP, since most of the point of hardware authenticators is that they're capable of protecting secrets such as an attestation key.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1182#issuecomment-480193209 using your GitHub account
Received on Friday, 5 April 2019 08:31:53 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:36 UTC