W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2021

Re: [webauthn] <new proposal> Extending WebAuthn Protocol for Remote Authentication (#1580)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Tue, 09 Mar 2021 02:37:47 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-793288278-1615257466-sysbot+gh@w3.org>
if this is going to be a generic binary data signing mechanism then the process would be very similar to get assertion yes. We would need the RP to send a create signed assertion options or similar with a challenge to prevent replays, and the collected client data would be extended to contain a sha256 of the data we want to assert. Otherwise the process is similar to assertion. 

It may be better to frame the proposal as signing arbitrary data than using the camera example. It makes it clearer that the proposal can have many more applications. 

It's also worth discussing how this creates a chain of trust to the data, but also needs to have discussed the weaknesses of this system. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1580#issuecomment-793288278 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 9 March 2021 02:37:49 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC