- From: John Bradley <ve7jtb@ve7jtb.com>
- Date: Fri, 6 Aug 2021 11:38:52 -0400
- To: DanielSanchezDiaz via GitHub <sysbot+gh@w3.org>
- Cc: W3C Web Authn WG <public-webauthn@w3.org>
- Message-ID: <CAANoGhKycEpUDEBV7d398m6bjvwSoNd8-EQm8vkZTJE9Ssj1+w@mail.gmail.com>
The type of attestation the authenticator supports is mostly driven by hardware and operating environment.

Microsoft uses a TPM, Android has SafetyNet, security keys have packed.

You can't safely use packed on Android as there is no way to protect the private key.

RPs need to accept all attestation types. That is a requirement for FIDO server certification.

Regards
John B.

On Fri, Aug 6, 2021, 11:24 AM DanielSanchezDiaz via GitHub <sysbot+gh@w3.org> wrote:

> Hmm. Well the first thing that comes to mind is the case in which the
> relying party only supports one kind of attestation type format and would
> like to convey that to the authenticator. I'm thinking then it would be
> useful for an authenticator to support more than one attestation type
> format.
>
> That being said, another solution is for the relying party to simply
> implement support for whatever attestation type format the authenticator
> uses.
>
> My hope was that I could be lazy and goad most authenticators into using
> packed to avoid more work haha.
>
> --
> GitHub Notification of comment by DanielSanchezDiaz
> Please view or discuss this issue at
> https://github.com/w3c/webauthn/issues/1659#issuecomment-894335428 using
> your GitHub account
>
> --
> Sent via github-notify-ml as configured in
> https://github.com/w3c/github-notify-ml-config

Received on Friday, 6 August 2021 15:38:53 UTC