Re: [webauthn] Handling unwanted or unsupported attestation formats (#1485) from Ki-Eun Shin via GitHub on 2020-09-17 (public-webauthn@w3.org from September 2020)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Thu, 17 Sep 2020 01:01:23 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-693745016-1600304482-sysbot+gh@w3.org>

> There is no security difference between receiving a "none" attestation, vs. receiving and ignoring a full attestation.

@emlun regarding this, the security might be equal between two. But, the core difference is whether we can get the authenticator model identifier (aaguid) or not. At least with this information, RP might refer the details of the authenticator from metadata.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1485#issuecomment-693745016 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 17 September 2020 01:01:26 UTC