Re: [webauthn] more fully delineate "privacy ca", "attestation ca", "anonymization ca" (#1422) from Jiewen Tan via GitHub on 2020-09-01 (public-webauthn@w3.org from September 2020)

From: Jiewen Tan via GitHub <sysbot+gh@w3.org>
Date: Tue, 01 Sep 2020 23:24:28 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-685185039-1599002667-sysbot+gh@w3.org>

> The idea of an anonymous CA that the authenticator uses to generate per request attestations is different from what Google was proposing as a privacy CA.
> 
> The privacy CA was run by the browser and used to blind the RP to attributes of the Authenticator including potentially AAGUID.
> 
> They seem quite different to me. What apple is describing as anonymous is really what Google is doing for safetynet attestations.
> 
> We never did the privacy CA so getting rid of it is not a big problem. I just don't think they are the same.

I don't think so. See: https://www.w3.org/TR/2017/WD-webauthn-20171205/#privacy-ca.

-- 
GitHub Notification of comment by alanwaketan
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1422#issuecomment-685185039 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 1 September 2020 23:24:30 UTC