Re: [webauthn] Handling unwanted or unsupported attestation formats (#1485) from Thomas via GitHub on 2020-09-17 (public-webauthn@w3.org from September 2020)

From: Thomas via GitHub <sysbot+gh@w3.org>
Date: Thu, 17 Sep 2020 15:12:31 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-694303246-1600355549-sysbot+gh@w3.org>

Thanks all for the clarification. For my own library I think accepting unsupported attestations as an 'unknown' type with the verification resulting in a "none" attestation type is a valid approach then, with an option to enable strict compliance to the supported attestation types.

One of the reason's I use "best-effort" attestation is to determine the authenticator's device name and aid the user in automatically naming the registered key something like "Yubikey 5".

> I've opened [Bug 1665466](https://bugzilla.mozilla.org/show_bug.cgi?id=1665466) at Firefox for the Firefox bug - sorry that it's in the way!

Thanks, I suspected this was a bug but wasn't sure.

> @madwizard-thomas , Can you also specify Windows 10 version?

It's windows 10 Pro version 2004.





-- 
GitHub Notification of comment by madwizard-thomas
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1485#issuecomment-694303246 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 17 September 2020 15:12:32 UTC