Re: [webauthn] <new proposal> Extending WebAuthn Protocol for Remote Authentication (#1580)

I can't see how this is really going to provide a proof of anything particularly useful unless the camera itself (in the example use case of signing an image) was hardware that included an attest-able FIDO2 authenticator capability and the process of taking and then immediately signing the photograph was therefore "within the authenticator boundary".  To suggest the browser can safely broker that transaction is (IMHO) placing too much trust in the relationship the browser has with other peripherals on the device.

GitHub Notification of comment by sbweeden
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Tuesday, 9 March 2021 03:43:53 UTC