Re: [webauthn] Could not use Webauthn `PublicKeyCredential.create` when the RP ID is a Host string(ip). (#1358)

> I think The Credential used in Webauthn is generated per-site. It will not involves the PKI architecture like CRL(Certification Revocation List) or other things that works with certificate.

Credential keys indeed do not involve any conventional PKI, except for attestation certificates. However, the phishing protection relies on validating the RP ID, which in turn relies on the cert for the RP's domain and thus the PKI for those certs.

GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Thursday, 9 January 2020 12:39:30 UTC