- From: David Waite via GitHub <sysbot+gh@w3.org>
- Date: Fri, 15 Jul 2022 18:20:12 +0000
- To: public-webauthn@w3.org
Broad stroke reaction: attestation of particular storage and secure element binding of a key would be better as part of an attestation, and better still indirectly through lookup based on attestations. The BE flag exists because it is a user experience flag that makes sense for non-attested data. The BS flag exists because it varies per response and not based on authenticator make/model. The case for additional flags or extensions to report on key protections would be if an authenticator actually made this dynamic - say if a vendor created a single platform authenticator that made it a user decision or policy decision whether the credential is bound to hardware - and used the same aaguid and same attestation in both cases rather than representing these different policies as multiple distinct platform authenticators.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1761#issuecomment-1185789400 using your GitHub account

-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 15 July 2022 18:20:14 UTC
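
The split the comment describes, as an added example that is not part of the original message or of any WebAuthn library: BE and BS are read from the flags byte of each response's authenticator data, while key protection is resolved by looking up the attested AAGUID. The metadata table, the function names and the sample bytes are constructed for illustration, and attestation verification is assumed to happen elsewhere.

```javascript
// Flag bits in the authenticator data flags byte (offset 32).
const FLAG = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10, AT: 0x40, ED: 0x80 };

// Constructed lookup table standing in for a metadata service keyed by AAGUID.
const CONSTRUCTED_METADATA = {
  "00112233445566778899aabbccddeeff": { keyProtection: "hardware" },
};

function parseAuthData(buf) {
  if (buf.length < 37) throw new Error("authenticator data shorter than 37 bytes");
  const flags = buf[32];
  const out = {
    signCount: buf.readUInt32BE(33),
    backupEligible: (flags & FLAG.BE) !== 0, // fixed for the credential's lifetime
    backedUp: (flags & FLAG.BS) !== 0,       // may change from one response to the next
    aaguid: null,
  };
  // BS without BE is not a valid combination; reject it.
  if (out.backedUp && !out.backupEligible) throw new Error("BS set while BE is clear");
  if (flags & FLAG.AT) {
    // Attested credential data starts with the 16-byte AAGUID and a 2-byte id length.
    if (buf.length < 55) throw new Error("truncated attested credential data");
    out.aaguid = buf.subarray(37, 53).toString("hex");
  }
  return out;
}

// Key protection is resolved by AAGUID lookup, not read from a flag. The AAGUID
// is only meaningful once the attestation statement has been verified
// (verification is out of scope here and assumed done by the caller).
function describeCredential(buf, metadata, attestationVerified) {
  const parsed = parseAuthData(buf);
  const entry = attestationVerified && parsed.aaguid ? metadata[parsed.aaguid] : undefined;
  return { ...parsed, keyProtection: entry ? entry.keyProtection : "unknown" };
}

// Constructed sample: zeroed rpIdHash and counter, empty credential id, no public key.
function sampleAuthData(flags, aaguidHex) {
  const head = Buffer.alloc(37);
  head[32] = flags;
  if (!(flags & FLAG.AT)) return head;
  return Buffer.concat([head, Buffer.from(aaguidHex, "hex"), Buffer.alloc(2)]);
}

console.log(describeCredential(
  sampleAuthData(FLAG.UP | FLAG.AT | FLAG.BE, "00112233445566778899aabbccddeeff"),
  CONSTRUCTED_METADATA, true));
```

Two authenticators that shared one AAGUID but differed in key binding would return the same `keyProtection` here, which is the dynamic case the comment says would justify an additional flag or extension.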