Re: [webauthn] Add to sec cons a brief discussion of the sec properties accrued by authnr & client platform proximity (#1333) from =JeffH via GitHub on 2020-02-19 (public-webauthn@w3.org from February 2020)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 19 Feb 2020 20:20:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-588429903-1582143653-sysbot+gh@w3.org>

on 2020-02-19 call: akshay reports msft looking into using remote SKs to remote desktop and in the desktop do things via webauthn.  AGL reports that this use case is supported in chrome remote desktop. threat model remains that an attacker must compromise something nearby the user.  Ought to add something to client data when operating in such a scenario. Ie. this PRs language does not preclude remote desktop use cases.

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1333#issuecomment-588429903 using your GitHub account

Received on Wednesday, 19 February 2020 20:20:56 UTC