- From: Shane Weeden via GitHub <sysbot+gh@w3.org>
- Date: Mon, 12 Oct 2020 06:09:54 +0000
- To: public-webauthn@w3.org
My suggestion here is to leave AttCA as-is. Leave TPM attestation assigned as using AttCA (again as-is). Add AnonymizationCA if desired to differentiate what Apple is doing. I think the description proposed for AnonymizationCA is good, and worth adding. It doesn't need to necessarily alter what AttCA means. Further, I would then add an explanatory note (which is useful to RP developers) indicating that effectively Basic, AttCA and AnonymizationCA, if being validated by an RP, all result in an X5C certificate chain verification process against a discovered root (e.g. with MDS as currently described). -- GitHub Notification of comment by sbweeden Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1474#issuecomment-706889314 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 12 October 2020 06:09:56 UTC