W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2019

Re: [webauthn] Add to sec cons a brief discussion of the sec properties accrued by authnr & client platform proximity (#1333)

From: Nick Mooney via GitHub <sysbot+gh@w3.org>
Date: Thu, 12 Dec 2019 01:18:21 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-564806107-1576113500-sysbot+gh@w3.org>
I think @agl's concerns are partially addressed by the section that discusses what tradeoffs may be made if the client and the authenticator are not being discussed directly. I still see compelling use cases for authentications where a "proximal" transport isn't possible (and I would argue that proximity is a bandaid, not a guarantee).

It would be reasonable to add some discussion more directly of what the benefits of proximity are;  ultimately I think it's a choice that is best left up to implementors equipped with an understanding of the security tradeoffs involved rather than being mandated in any way.

GitHub Notification of comment by nickmooney
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1333#issuecomment-564806107 using your GitHub account
Received on Thursday, 12 December 2019 01:18:24 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:39 UTC