- From: Ackermann Yuriy via GitHub <sysbot+gh@w3.org>
- Date: Fri, 11 Jan 2019 07:58:41 +0000
- To: public-webauthn@w3.org
Propose changing to: > Currently FIDO2 authenticator manufacturer must ship a batch, of a size at least 100,000 devices, with the same attestation batch certificate and keypair, that is chains to the attestation root, which is generally stored in authenticator metadata statement. For the next batch the manufacturer will generate new attestation keypair and certificate, that will chain as well to the same attestation root. This approach ensures that users privacy is preserved, due to the size of batch, while ensuring sufficient risk management in case of compromise of the device. -- GitHub Notification of comment by herrjemand Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1127#issuecomment-453417555 using your GitHub account
Received on Friday, 11 January 2019 07:58:42 UTC