- From: Jiewen Tan via GitHub <sysbot+gh@w3.org>
- Date: Wed, 12 Aug 2020 18:49:32 +0000
- To: public-webauthn@w3.org
I'm proposing a change to the AttCA to the following: Anonymous CA In this case, the Authenticator works with a cloud-operated Anonymous CA owned by its manufacturer to dynamically generate per-credential attestation certificates on the CA such that no identification information of the authenticator will be revealed to RPs in the attestation statement. The above is basing on the original description of Privacy CA and the writing from 14.4.1. Attestation Privacy. It's trying to keep the concept simple to only reflect the common facts. How the authenticator is communicated with the CA is intentionally omitted given it is very vendor specific. Comments are welcomed! -- GitHub Notification of comment by alanwaketan Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1422#issuecomment-673047843 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 12 August 2020 18:49:34 UTC