
Re: [webauthn] Handling unwanted or unsupported attestation formats (#1485)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Thu, 17 Sep 2020 01:01:23 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-693745016-1600304482-sysbot+gh@w3.org>
> There is no security difference between receiving a "none" attestation, vs. receiving and ignoring a full attestation.

@emlun regarding this, the security might be equal between the two. But the core difference is whether we can get the authenticator model identifier (aaguid) or not. At least with this information, the RP might refer to the details of the authenticator from metadata.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1485#issuecomment-693745016 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 17 September 2020 01:01:26 UTC
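
The point about the aaguid in the message above, as an added example that is not part of the original message or of the WebAuthn project: a relying party reads the AAGUID out of the authenticator data and uses it as a metadata lookup key, treating the all-zero AAGUID that accompanies "none" attestation as "model unknown". The `METADATA` table, the helper names and the sample bytes are constructed for illustration; the sample omits the credential public key that follows the credential ID in real authenticator data.

```python
import hashlib
import struct
import uuid

FLAG_UP = 0x01  # user present
FLAG_AT = 0x40  # attested credential data included

# Constructed stand-in for a metadata source keyed by AAGUID; the entry is made up.
METADATA = {
    uuid.UUID("00112233-4455-6677-8899-aabbccddeeff"): {"description": "Example Key (constructed)"},
}

def parse_aaguid(auth_data: bytes):
    """Return the AAGUID as a UUID, or None when no attested credential data is present."""
    # Fixed header: rpIdHash (32) | flags (1) | signCount (4, big-endian)
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than the 37-byte header")
    if not auth_data[32] & FLAG_AT:
        return None
    # Attested credential data: aaguid (16) | credentialIdLength (2) | credentialId (L) | key
    if len(auth_data) < 55:
        raise ValueError("attested credential data truncated")
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credential ID truncated")
    return uuid.UUID(bytes=auth_data[37:53])

def lookup_model(auth_data: bytes):
    """Metadata entry for the authenticator model, or None if the model is unknown."""
    aaguid = parse_aaguid(auth_data)
    # An all-zero AAGUID carries no model information.
    if aaguid is None or aaguid.int == 0:
        return None
    # If the attestation statement was ignored rather than verified, this value
    # is only a hint: nothing cryptographically vouches for it.
    return METADATA.get(aaguid)

def build_auth_data(aaguid: bytes, rp_id: str = "example.com") -> bytes:
    """Constructed sample input (public key omitted for brevity)."""
    cred_id = b"\x01" * 16
    return (hashlib.sha256(rp_id.encode()).digest() + bytes([FLAG_UP | FLAG_AT])
            + struct.pack(">I", 0) + aaguid + struct.pack(">H", len(cred_id)) + cred_id)

if __name__ == "__main__":
    full = build_auth_data(bytes.fromhex("00112233445566778899aabbccddeeff"))
    zeroed = build_auth_data(bytes(16))
    print("attestation kept, AAGUID present:", lookup_model(full))
    print("AAGUID zeroed:", lookup_model(zeroed))
```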
