Re: [webauthn] Attestation privacy advice creates large scale security risks (#1127)

Propose changing to:

> Currently, a FIDO2 authenticator manufacturer must ship a batch of at least 100,000 devices with the same attestation batch certificate and keypair, which chains to the attestation root, which is generally stored in the authenticator metadata statement. For the next batch, the manufacturer will generate a new attestation keypair and certificate, which will also chain to the same attestation root. This approach ensures that users' privacy is preserved, due to the size of the batch, while ensuring sufficient risk management in case of compromise of the device.


-- 
GitHub Notification of comment by herrjemand
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1127#issuecomment-453417555 using your GitHub account

Received on Friday, 11 January 2019 07:58:42 UTC