Re: [webauthn] Authenticator flag to indicate internal knowledge of rk (discoverable credential creation). (#1761)

> Broad stroke reaction: attestation of particular storage and secure element binding of a key would be better as part of an attestation, and better still indirectly through lookup based on attestations.
> 
> The BE flag exists because it is a user experience flag that makes sense for non-attested data. The BS flag exists because it varies per response and not based on authenticator make/model.
> 
> The case for additional flags or extensions to report on key protections would be if an authenticator actually made this dynamic - say if a vendor created a single platform authenticator that made it a user decision or policy decision whether the credential is bound to hardware - and used the same aaguid and same attestation in both cases rather than representing these different policies as multiple distinct platform authenticators.

But today an authenticator does use the same aaguid for an attested credential regardless of its rk state or not. So you can't really use attestation for this purpose. That's why I suggested this signed boolean flag.

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1761#issuecomment-1186627551 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 17 July 2022 23:18:29 UTC
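As an added example (not code from this thread, from the WebAuthn spec editors, or from any authenticator vendor), the following Python builds and parses the WebAuthn authenticatorData structure so the distinction drawn above is concrete: the flags byte (UP, UV, BE, BS, AT, ED) and the AAGUID are both inside the bytes the attestation signature covers, but the AAGUID identifies a make/model, so a discoverable (rk) credential and a non-discoverable one from the same authenticator carry identical AAGUIDs and nothing in the signed bytes records which one was created. The RP ID, AAGUID, credential ID and the one-byte COSE key placeholder are constructed sample values.

```python
"""Build and parse WebAuthn authenticatorData (registration shape).

Added example, not code from the w3c/webauthn thread or the spec.
All sample values (RP ID, AAGUID, credential ID, COSE key) are constructed.
"""
import hashlib
import struct

# Bit positions of the authenticatorData flags byte (WebAuthn Level 3, 6.1).
FLAG_UP = 1 << 0  # User Present
FLAG_UV = 1 << 2  # User Verified
FLAG_BE = 1 << 3  # Backup Eligible (fixed for the lifetime of the credential)
FLAG_BS = 1 << 4  # Backup State (may vary per response)
FLAG_AT = 1 << 6  # Attested credential data follows the sign count
FLAG_ED = 1 << 7  # Extension data follows

_FLAG_NAMES = (("up", FLAG_UP), ("uv", FLAG_UV), ("be", FLAG_BE),
               ("bs", FLAG_BS), ("at", FLAG_AT), ("ed", FLAG_ED))

# Fixed prefix: rpIdHash (32) + flags (1) + signCount (4).
_PREFIX_LEN = 37


def decode_flags(flags: int) -> dict:
    """Map the flags byte to named booleans. Note there is no rk/discoverable bit."""
    return {name: bool(flags & bit) for name, bit in _FLAG_NAMES}


def build_authenticator_data(rp_id: str, flags: int, sign_count: int,
                             aaguid: bytes, credential_id: bytes,
                             cose_key: bytes) -> bytes:
    """Assemble authenticatorData with attested credential data.

    Deliberately takes no 'rk' argument: whether the authenticator stored the
    credential as discoverable is not encoded anywhere in this structure.
    """
    if len(aaguid) != 16:
        raise ValueError("AAGUID must be 16 bytes")
    if len(credential_id) > 0xFFFF:
        raise ValueError("credential ID too long for 16-bit length field")
    rp_id_hash = hashlib.sha256(rp_id.encode("utf-8")).digest()
    data = rp_id_hash + bytes([(flags | FLAG_AT) & 0xFF]) + struct.pack(">I", sign_count)
    data += aaguid + struct.pack(">H", len(credential_id)) + credential_id + cose_key
    return data


def parse_authenticator_data(data: bytes) -> dict:
    """Parse the signed authenticatorData bytes an RP receives.

    The credential public key is returned as raw CBOR (COSE_Key) rather than
    decoded, to keep this example dependency-free.
    """
    if len(data) < _PREFIX_LEN:
        raise ValueError("authenticatorData shorter than fixed 37-byte prefix")
    flags = data[32]
    result = {
        "rp_id_hash": data[:32].hex(),
        "flags": decode_flags(flags),
        "sign_count": struct.unpack(">I", data[33:37])[0],
    }
    offset = _PREFIX_LEN
    if flags & FLAG_AT:
        # aaguid (16) + credentialIdLength (2) must be present before the ID.
        if len(data) < offset + 18:
            raise ValueError("truncated attested credential data")
        aaguid = data[offset:offset + 16]
        offset += 16
        cred_id_len = struct.unpack(">H", data[offset:offset + 2])[0]
        offset += 2
        if len(data) < offset + cred_id_len:
            raise ValueError("truncated credential ID")
        result["aaguid"] = aaguid.hex()          # identifies make/model, not rk state
        result["credential_id"] = data[offset:offset + cred_id_len]
        offset += cred_id_len
        result["credential_public_key_cbor"] = data[offset:]
    return result


if __name__ == "__main__":
    # Constructed sample: same authenticator model, two registrations.
    aaguid = bytes.fromhex("00112233445566778899aabbccddeeff")
    flags = FLAG_UP | FLAG_UV | FLAG_BE
    rk_blob = build_authenticator_data("example.com", flags, 0, aaguid, b"\xaa" * 16, b"\xa0")
    non_rk_blob = build_authenticator_data("example.com", flags, 0, aaguid, b"\xbb" * 16, b"\xa0")
    a, b = parse_authenticator_data(rk_blob), parse_authenticator_data(non_rk_blob)
    print("flags:", a["flags"])
    print("same AAGUID for both registrations:", a["aaguid"] == b["aaguid"])
```

The `credProps` client extension does report `rk` to the RP, but that value is produced by the client, not signed by the authenticator, which is the gap the signed boolean proposed in the comment above is meant to close.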