Re: [webauthn] backup states in authenticator data (#1695)

I don't really see how (1) solves the problem either.

(3) might be annoying, but at least it communicates clearly the state of what's happened. Apple jumped the gun, solved a real user experience problem, but did it in a way that will mess up RP's ability to make security decisions so now we have to assume everything is a passkey. 

(2) means that the BE flags then "cant really be trusted" if they "might change over time". Suddenly the security properties you asserted over a credential now changed? That's not okay from an RP's view. About the only way I'd see this being okay is if there is also advice in the spec that says:

- Transition from 0 -> 1 is valid, 1 -> 0 is not, and must result in the credential being invalidated.
- On transition from 0 -> 1, then the RP MAY make a policy decision about if they invalidate the credential or not.

I think that's the only way I'd really accept 2 here, is if we help guide RP's on what MIGHT be happening and what they may want to do. Backup of a credential should be a one way street, where once it goes to the backed up state, we must assume it's no longer HW bound. 

GitHub Notification of comment by Firstyear
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Thursday, 14 April 2022 03:28:53 UTC