Re: [webauthn] Q: Regarding Security Concerns Surrounding WebAuthn: Don't Implement ECDAA (Yet) (#1196)

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 12 Jun 2019 20:02:29 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-501433877-1560369747-sysbot+gh@w3.org>

Per discussion on the WG call:

I think this is yet another argument that the WebAuthn WG needs to produce, minimally, an explainer document as to (as an incomplete list of examples):
1) thorny bits of how the JS API works,
2) challenge hygiene,
3) migration from FIDO U2F JS API,
4) risk-assessment-grounded choices about attestation types (whether to demand Direct, whether to prohibit None),
5) algorithm selection

(See: #1231, #91, https://github.com/w3c/webauthn/search?q=explainer&type=Issues)

The previous efforts on this were closed as not being a deliverable of the WG. However, perhaps we should just start collecting the data in this wiki: https://github.com/w3c/webauthn/wiki/Explainer:-How-to-Implement-WebAuthn-as-a-Relying-Party

So let's take it there and start collecting. Per the above though, I am closing this issue.

-- 
GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1196#issuecomment-501433877 using your GitHub account
Received on Wednesday, 12 June 2019 20:02:31 UTC
