Re: [webauthn] Abstracting the concept of Privacy CA/Attestation CA into Anonymization CA (#1474)

> In [section 6.5.3](https://w3c.github.io/webauthn/#sctn-attestation-types) you are generalizing the TCG's [Attestation CA](https://w3c.github.io/webauthn/#attestation-ca) into the [Anonymization CA notion](https://w3c.github.io/webauthn/#anonymization-ca). We will have to think about that, it _might_ be ok to do so, but only if we retain the present Attestation CA text elsewhere in the spec (perhaps as a subsubsection of [section 6.5.3](https://w3c.github.io/webauthn/#sctn-attestation-types)), and denote it as a particular instance of an Anonymization CA.
> 

Sounds good to me.

> I am guessing that once y'all create a PR addressing issue #1453 (which, ISTM, may add a new specific instance of an Anonymization CA, and may add a new [attestation statement format](https://www.iana.org/assignments/webauthn/webauthn.xhtml#webauthn-attestation-statement-format-ids)) we will be able to properly complete this PR.

I don't foresee myself describing Apple Anonymous Attestation (AAA) in a such detailed way TCG does. In fact, besides the description putting here, I don't think I will write anything else to outline the functionality of AAA.

-- 
GitHub Notification of comment by alanwaketan
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1474#issuecomment-685931922 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 2 September 2020 18:53:38 UTC