- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Thu, 09 Jan 2020 12:39:29 +0000
- To: public-webauthn@w3.org
> I think The Credential used in Webauthn is generated per-site. It will not involves the PKI architecture like CRL(Certification Revocation List) or other things that works with certificate. Credential keys indeed do not involve any conventional PKI, except for attestation certificates. However, the phishing protection relies on validating the RP ID, which in turn relies on the cert for the RP's domain and thus the PKI for those certs. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1358#issuecomment-572543843 using your GitHub account
Received on Thursday, 9 January 2020 12:39:30 UTC