Re: [webauthn] more fully delineate "privacy ca", "attestation ca", "anonymization ca" (#1422)

The idea of an anonymous CA that the authenticator uses to generate per-request attestations is different from what Google was proposing as a privacy CA.

The privacy CA was run by the browser and used to blind the RP to attributes of the Authenticator including potentially AAGUID.

They seem quite different to me. What Apple is describing as anonymous is really what Google is doing for SafetyNet attestations.

We never did the privacy CA, so getting rid of it is not a big problem. I just don't think they are the same.



-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1422#issuecomment-681978667 using your GitHub account


Received on Thursday, 27 August 2020 14:18:44 UTC