- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Fri, 11 Jan 2019 16:17:52 +0000
- To: public-webauthn@w3.org
>every authenticator that is on the market with that attestation key must be removed

No - users can safely continue to use the credentials they've already created (before the breach is determined to have happened) with such a device. Credential creation is a relatively rare occurrence, so many users might not be affected at all.

>so can't be used for future registrations.

Agreed; this can be enforced via server-side software updates.

What I mean to say is that a compromised attestation key is not a black-and-white security disaster as I read the OP to mean; the practical impact depends a lot on the circumstances about when the breach happened vs. when it was discovered, and each RP's attestation policy.

I agree we shouldn't encourage larger batches than necessary, but I don't think normative requirements on batch sizes are in scope for the WebAuthn spec. That seems more suitable for a certification authority like FIDO to decide - the only RPs for which this kind of breach would have any impact at all are the same RPs that are likely to require authenticator certification.

--
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1127#issuecomment-453570748 using your GitHub account
Received on Friday, 11 January 2019 16:17:53 UTC
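
The following is an added example, not part of the original message or of the WebAuthn specification: a sketch of how an RP that enforces attestation could apply the distinction drawn above, rejecting new registrations from a compromised batch key while sorting already-stored credentials by when they were created. The key identifiers, dates, the `review` outcome and all function names are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data: the key id and both dates are hypothetical.
# attestation key id -> (estimated breach time, time the RP learned of it)
COMPROMISED = {
    "batch-key-A": (
        datetime(2018, 6, 1, tzinfo=timezone.utc),
        datetime(2018, 12, 1, tzinfo=timezone.utc),
    ),
}


def allow_registration(attestation_key_id, require_attestation=True):
    """Decide whether a NEW credential may be registered.

    An RP that does not enforce attestation is unaffected by the breach;
    one that does can refuse the compromised batch key after a
    server-side update of COMPROMISED.
    """
    if not require_attestation:
        return True
    return attestation_key_id not in COMPROMISED


def classify_existing(attestation_key_id, registered_at):
    """Classify a credential that is ALREADY stored.

    Credentials created before the estimated breach time were attested
    while the key was still secret, so they remain usable. Those created
    afterwards are flagged, because their attestation no longer proves
    which authenticator model produced them (assumed RP policy).
    """
    entry = COMPROMISED.get(attestation_key_id)
    if entry is None:
        return "trusted"
    breach_time, _discovered_at = entry
    return "trusted" if registered_at < breach_time else "review"


if __name__ == "__main__":
    for when in (datetime(2018, 1, 1, tzinfo=timezone.utc),
                 datetime(2018, 9, 1, tzinfo=timezone.utc)):
        print(when.date(), classify_existing("batch-key-A", when))
    print("new registration allowed:", allow_registration("batch-key-A"))
```

The gap between the two timestamps in `COMPROMISED` is the window in which the RP accepted attestations it could not have known were unreliable, which is why only `breach_time` drives the classification.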