- From: Firstyear via GitHub <sysbot+gh@w3.org>
- Date: Mon, 24 Jan 2022 23:00:38 +0000
- To: public-webauthn@w3.org
> Access to the platform provider's cloud account does not necessarily grant access to backup credentials. That is an assumption you are making. Uh huh. Then how does passkey work then? Because if I enroll webauthn on say ... my macbook pro, and then go to my phone and use the same webauthn token, the private key *must* have been transmitted between the two devices. And if I enroll a new ipad to my account, it also gets the private key. That means the access to my icloud account allows the private key to be retrieved. So the security of that private key hinges on the security of my icloud account. -- GitHub Notification of comment by Firstyear Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1691#issuecomment-1020634651 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 24 January 2022 23:00:39 UTC