W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2020

Re: [webauthn] Abstracting the concept of Privacy CA/Attestation CA into Anonymization CA (#1474)

From: Jiewen Tan via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Sep 2020 18:53:37 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-685931922-1599072815-sysbot+gh@w3.org>
> In [section 6.5.3](https://w3c.github.io/webauthn/#sctn-attestation-types) you are generalizing the TCG's [Attestation CA](https://w3c.github.io/webauthn/#attestation-ca) into the [Anonymization CA notion](https://w3c.github.io/webauthn/#anonymization-ca). We will have to think about that, it _might_ be ok to do so, but only if we retain the present Attestation CA text elsewhere in the spec (perhaps as a subsubsection of [section 6.5.3](https://w3c.github.io/webauthn/#sctn-attestation-types)), and denote it as a particular instance of an Anonymization CA.

Sounds good to me.

> I am guessing that once y'all create a PR addressing issue #1453 (which, ISTM, may add a new specific instance of an Anonymization CA, and may add a new [attestation statement format](https://www.iana.org/assignments/webauthn/webauthn.xhtml#webauthn-attestation-statement-format-ids)) we will be able to properly complete this PR.

I don't foresee myself describing Apple Anonymous Attestation (AAA) in a such detailed way TCG does. In fact, besides the description putting here, I don't think I will write anything else to outline the functionality of AAA.

GitHub Notification of comment by alanwaketan
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1474#issuecomment-685931922 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 2 September 2020 18:53:38 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 2 September 2020 18:53:39 UTC