W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2019

Re: [webauthn] Attestation privacy advice creates large scale security risks (#1127)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 11 Jan 2019 14:37:23 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-453536795-1547217442-sysbot+gh@w3.org>
For the record, a compromised _attestation private key_ does not necessarily mean that all devices of the batch become unusable. Any _credential private keys_ previously created by those devices would still be safe. A compromised attestation private key only means that _future_ credentials attested by that attestation key can no longer be trusted to uphold the same security guarantees (in particular, a guarantee that the credential private key was generated on board the device would no longer hold), but all attestation statements produced _before_ the breach remain unaffected.

So, this statement is only half true:

>One's device attestation key is compromised, so entire ten million devices must be marked as revoked.

What would need to be revoked is the trust in attestation statements produced after the breach, so credentials created after the breach would be revoked (assuming the RP's attestation policy cares), but any credentials older than that would _not_ need to be revoked.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1127#issuecomment-453536795 using your GitHub account
Received on Friday, 11 January 2019 14:37:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:00 UTC