W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2020

Re: [webauthn] WebAuthn and Web Payments -- Transaction Confirmation, 3DS2, SRC, etc. (#1396)

From: bleddyv via GitHub <sysbot+gh@w3.org>
Date: Tue, 07 Jul 2020 13:50:56 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-654876277-1594129855-sysbot+gh@w3.org>
From the start of the FIDO Alliance, the working assumption has been that if the OS is compromised then everything else is potentially in trouble but we need to address the parts that we can address. It is like complete awareness of my own ignorance and fallability would prevent me from getting out of bed in the morning, but I managed it again today.

The scalability of the attack (compromised OS) is a consideration for the relying party (and auditors) along with other data when making a decision about the value of the confirmation. 

I don't think anyone expects Tx Conf to be bullet proof at the outset, but doing the most good for the most people in the near term is a good goal. Then improving the security of the entire approach in a monotonically nondecreasing manner over time will continue the progress.

-- 
GitHub Notification of comment by bleddyv
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1396#issuecomment-654876277 using your GitHub account
Received on Tuesday, 7 July 2020 13:50:59 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 7 July 2020 13:51:00 UTC