[webauthn] Lookup Credential Source by Credential ID Algorithm returns sensitive data such as the credential private key (#1678)

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== Lookup Credential Source by Credential ID Algorithm returns sensitive data such as the credential private key ==
The [Lookup Credential Source by Credential ID Algorithm](https://www.w3.org/TR/webauthn/#sctn-op-lookup-credsource-by-credid) is presently used only in internal-to-the-authenticator operations, namely in authenticatorMakeCredential and authenticatorGetAssertion.

The result of [Lookup Credential Source by Credential ID Algorithm](https://www.w3.org/TR/webauthn/#sctn-op-lookup-credsource-by-credid) is null, or one or more credential sources. A [credential source](https://www.w3.org/TR/webauthn/#public-key-credential-source) models the (sensitive) data an authnr manages for each "credential", i.e., including the [credential private key](https://www.w3.org/TR/webauthn/#credential-private-key).

Using this [alg](https://www.w3.org/TR/webauthn/#sctn-op-lookup-credsource-by-credid) to look up a cred source when conceptually "within the authenticator boundary" is fine (i.e., security- and privacy-wise).

However, if we attempt to use this alg from another conceptual level, e.g., the client platform (as we might do in PR #1576), then we do not want to be returning the private key to the caller.

authenticatorMakeCredential and authenticatorGetAssertion really only need this alg to return [cred source items](https://www.w3.org/TR/webauthn/#public-key-credential-source) such as type, (cred) id, rpId, userHandle, otherUI (i.e., everything other than privateKey).

We ought to update this alg accordingly such that security model subtleties remain at least nominally correct.
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1678 using your GitHub account
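As an added illustration (not code from the issue, from PR #1576, or from the WebAuthn spec), here is a Python model of the split the issue asks for: an authenticator-internal lookup that returns the full credential source, a redacted lookup for callers outside the authenticator boundary (such as the client platform) that returns every item other than privateKey, and a guard that checks a result before it crosses the boundary. The store shape, the dataclass field set and the sample values are assumptions.

```python
from dataclasses import dataclass, fields
from typing import Optional

SENSITIVE_ITEMS = frozenset({"privateKey"})  # items that must stay inside the authenticator

@dataclass(frozen=True)
class PublicKeyCredentialSource:
    """Credential source items named in the issue; privateKey is the sensitive one."""
    type: str
    id: bytes
    privateKey: bytes
    rpId: str
    userHandle: Optional[bytes] = None
    otherUI: Optional[str] = None

@dataclass(frozen=True)
class CredentialSourceView:
    """Everything other than privateKey: what the callers listed in the issue need."""
    type: str
    id: bytes
    rpId: str
    userHandle: Optional[bytes] = None
    otherUI: Optional[str] = None

def lookup_credential_source_internal(store, credential_id):
    """Authenticator-internal lookup: the issue describes the result as null
    or one or more credential sources; an empty list stands in for null."""
    return [src for src in store if src.id == credential_id]

def redact(src):
    """Copy every item of a credential source except the sensitive ones."""
    kept = {f.name: getattr(src, f.name) for f in fields(src)
            if f.name not in SENSITIVE_ITEMS}
    return CredentialSourceView(**kept)

def lookup_credential_source_view(store, credential_id):
    """Boundary-safe variant for callers outside the authenticator (e.g. the
    client platform): same matches, private key stripped."""
    return [redact(s) for s in lookup_credential_source_internal(store, credential_id)]

def crosses_boundary_safely(result):
    """Guard at the authenticator boundary: True only if no returned item
    carries a sensitive field."""
    return all(not (SENSITIVE_ITEMS & {f.name for f in fields(item)}) for item in result)

# Constructed sample store; key bytes are placeholders, not real key material.
SAMPLE_STORE = [
    PublicKeyCredentialSource("public-key", b"cred-A", b"PRIVATE-KEY-A", "example.com", b"user-1"),
    PublicKeyCredentialSource("public-key", b"cred-B", b"PRIVATE-KEY-B", "example.org"),
]
```

Inside authenticatorGetAssertion the internal lookup still supplies the private key for signing; only the view ever leaves the boundary.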


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 28 October 2021 00:29:25 UTC