
Re: [webauthn] Attestation privacy advice creates large scale security risks (#1127)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 11 Jan 2019 16:17:52 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-453570748-1547223471-sysbot+gh@w3.org>

>every authenticator that is on the market with that attestation key must be removed

No - users can safely continue to use the credentials they've already created (before the breach is determined to have happened) with such a device. Credential creation is a relatively rare occurrence, so many users might not be affected at all.

>so can't be used for future registrations.

Agreed; this can be enforced via server-side software updates.

What I mean to say is that a compromised attestation key is not a black-and-white security disaster as I read the OP to mean; the practical impact depends a lot on the circumstances about when the breach happened vs. when it was discovered, and each RP's attestation policy. I agree we shouldn't encourage larger batches than necessary, but I don't think normative requirements on batch sizes are in scope for the WebAuthn spec. That seems more suitable for a certification authority like FIDO to decide - the only RPs for which this kind of breach would have any impact at all are the same RPs that are likely to require authenticator certification.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1127#issuecomment-453570748 using your GitHub account
Received on Friday, 11 January 2019 16:17:53 UTC
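
The following is an added example, not part of the original message or of any WebAuthn library: a sketch of the server-side enforcement the comment describes, where a denylist update blocks new registrations from a compromised attestation key while credentials created before the breach keep working. The key identifier, dates, Decision values and the REVIEW/REJECT handling of later credentials are assumptions standing in for one RP's attestation policy.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    REVIEW = "review"   # attestation no longer vouches for this credential
    REJECT = "reject"

@dataclass(frozen=True)
class CompromisedKey:
    breach_at: datetime      # when the attestation key is believed to have leaked
    discovered_at: datetime  # when the breach was determined and the denylist shipped

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample data; "batch-A" is a hypothetical attestation key identifier
# (for instance a fingerprint of the batch attestation certificate).
DENYLIST = {"batch-A": CompromisedKey(utc(2018, 6, 1), utc(2018, 9, 1))}

def check_registration(key_id, rp_requires_attestation=True, denylist=DENYLIST):
    """New credentials: refuse attestation signed by a key known to be compromised."""
    if rp_requires_attestation and key_id in denylist:
        return Decision.REJECT
    return Decision.ALLOW

def check_assertion(key_id, registered_at, rp_requires_attestation=True,
                    denylist=DENYLIST):
    """Existing credentials: the outcome depends on when they were created."""
    entry = denylist.get(key_id)
    # RPs that never relied on attestation lose nothing when the key leaks.
    if not rp_requires_attestation or entry is None:
        return Decision.ALLOW
    if registered_at < entry.breach_at:
        return Decision.ALLOW    # created before the breach: attestation still sound
    if registered_at < entry.discovered_at:
        return Decision.REVIEW   # created in the breach-to-discovery window
    return Decision.REJECT       # created after discovery: denylist was not enforced
```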
