Re: [webauthn] Could not use Webauthn `PublicKeyCredential.create` when the RP ID is a Host string(ip). (#1358) from Emil Lundberg via GitHub on 2020-01-09 (public-webauthn@w3.org from January 2020)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 09 Jan 2020 12:39:29 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-572543843-1578573568-sysbot+gh@w3.org>

> I think The Credential used in Webauthn is generated per-site. It will not involves the PKI architecture like CRL(Certification Revocation List) or other things that works with certificate.

Credential keys indeed do not involve any conventional PKI, except for attestation certificates. However, the phishing protection relies on validating the RP ID, which in turn relies on the cert for the RP's domain and thus the PKI for those certs.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1358#issuecomment-572543843 using your GitHub account

Received on Thursday, 9 January 2020 12:39:30 UTC