W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2020

Re: [webauthn] Could not use Webauthn `PublicKeyCredential.create` when the RP ID is a Host string(ip). (#1358)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Thu, 09 Jan 2020 12:39:29 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-572543843-1578573568-sysbot+gh@w3.org>
> I think The Credential used in Webauthn is generated per-site. It will not involves the PKI architecture like CRL(Certification Revocation List) or other things that works with certificate.

Credential keys indeed do not involve any conventional PKI, except for attestation certificates. However, the phishing protection relies on validating the RP ID, which in turn relies on the cert for the RP's domain and thus the PKI for those certs.

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1358#issuecomment-572543843 using your GitHub account
Received on Thursday, 9 January 2020 12:39:30 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:39 UTC