Re: [webauthn] Explicitly restrict NONE aaguid to none attestation only (#1588) from Ackermann Yuriy via GitHub on 2021-03-25 (public-webauthn@w3.org from March 2021)

From: Ackermann Yuriy via GitHub <sysbot+gh@w3.org>
Date: Thu, 25 Mar 2021 12:29:26 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-806649958-1616675365-sysbot+gh@w3.org>

That is weird. At FIDO we don't allow SELF(aka SURROGATE) authenticators to have ZERO AAGUID. All authenticators must have AAGUID, and in case of SELF attestation, in none attestation scenario, AAGUID will be returned, because it can not be used for correlation.

-- 
GitHub Notification of comment by herrjemand
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1588#issuecomment-806649958 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 25 March 2021 12:29:28 UTC