Re: [webauthn] devicePubKey extension MUST be supported if passkey is supported (#1691)

I appreciate that folks on this list are starting to see what FIDO is 
all about (security). That FIDO made some complex things easy was truly 
a bonus.

In the past, I have cautioned against going down the road PKI traveled; 
but I never imagined that FIDO ("Simpler, stronger authentication!") 
might choose to surpass PKI in complexity. The "Cloud" is primarily 
responsible for this, IMO. But, what is ironical is that the company 
that gave the world its iconic "1984 
<https://duckduckgo.com/?q=apple's+1984+ad>" ad is the one that opened 
up this Pandora's Box!

Truth is, indeed, stranger than fiction.

I will continue to advocate for what I believe is the only sustainable 
FIDO solution: delivering the core FIDO security capability, and 
educating consumers and RPs about their responsibilities. To the extent 
the resources of this community can be channeled towards that objective, 
I believe FIDO can serve the world admirably for at least a few decades.

On 1/24/22 6:17 AM, Emil Lundberg wrote:
>
> So if an RP has implemented WebAuthn without .. validating attestation 
> statements, .. its security posture would be undermined .., then that 
> RP has unfortunately based its implementation on incorrect 
> assumptions. ... maybe we could somehow point all of this out more 
> clearly to the reader.
>

-- 
GitHub Notification of comment by arshadnoor
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1691#issuecomment-1020182906 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 24 January 2022 14:53:19 UTC