Re: [webauthn] Attestation privacy advice creates large scale security risks (#1127)

>every authenticator that is on the market with that attestation key must be removed

No - users can safely continue to use the credentials they've already created (before the breach is determined to have happened) with such a device. Credential creation is a relatively rare occurrence, so many users might not be affected at all.

>so can't be used for future registrations.

Agreed; this can be enforced via server-side software updates.

What I mean to say is that a compromised attestation key is not a black-and-white security disaster as I read the OP to mean; the practical impact depends a lot on the circumstances about when the breach happened vs. when it was discovered, and each RP's attestation policy. I agree we shouldn't encourage larger batches than necessary, but I don't think normative requirements on batch sizes are in scope for the WebAuthn spec. That seems more suitable for a certification authority like FIDO to decide - the only RPs for which this kind of breach would have any impact at all are the same RPs that are likely to require authenticator certification.

GitHub Notification of comment by emlun

Received on Friday, 11 January 2019 16:17:53 UTC
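
The distinction drawn in the message above, sketched as an added example that is not part of the original message or of any WebAuthn library: a relying party refuses new registrations from a compromised attestation batch while leaving existing credentials usable. The batch identifier, the breach date, the function names and the handling of credentials created after the breach are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc
# Constructed sample data: hypothetical batch identifier (an RP might key this
# on the AAGUID or attestation certificate) -> estimated time of the breach.
COMPROMISED_BATCHES = {"example-batch-1": datetime(2018, 11, 1, tzinfo=UTC)}

@dataclass
class Credential:
    credential_id: str
    attestation_batch: Optional[str]   # None if registered without attestation
    registered_at: datetime

def allow_registration(batch: Optional[str], require_attestation: bool) -> bool:
    """Registration-time check: the only place a revoked batch is refused."""
    if not require_attestation:
        return True                     # RP ignores attestation; breach has no effect
    return batch is not None and batch not in COMPROMISED_BATCHES

def assess_existing(cred: Credential, require_attestation: bool) -> str:
    """Authentication-time view of a credential already on file."""
    breach = COMPROMISED_BATCHES.get(cred.attestation_batch or "")
    if not require_attestation or breach is None:
        return "ok"
    if cred.registered_at < breach:
        return "ok"                     # attested before the key leaked
    # Assumed RP policy: keep the credential usable but stop relying on
    # its attestation claim (e.g. ask the user to re-register).
    return "attestation-unverified"
```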