[webauthn] explicitly mention running over TLS in WebAuthn API intro (#1201) from =JeffH via GitHub on 2019-04-18 (public-webauthn@w3.org from April 2019)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Thu, 18 Apr 2019 20:35:07 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-434948885-1555619706-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== explicitly mention running over TLS in WebAuthn API intro ==
the WebAuthn API intro has a parag saying:
> The client facilitates these security measures by providing the Relying Party's origin and RP ID to the authenticator for each operation. Since this is an integral part of the WebAuthn security model, user agents only expose this API to callers in secure contexts.

We should explicitly note that being in a secure context means that network connections must all be over secure transport (e.g., TLS) established without errors.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1201 using your GitHub account

Received on Thursday, 18 April 2019 20:35:09 UTC