Re: [webauthn] Discussing mechanisms for enterprise RP's to enforce bound properties of credentials (#1739) from Rolf Lindemann via GitHub on 2022-06-16 (public-webauthn@w3.org from June 2022)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Thu, 16 Jun 2022 09:15:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1157427186-1655370947-sysbot+gh@w3.org>

... and: supporting attestation for the DPK is the only way to distinguish maliciously generated keys from keys generated by trusted authenticators.

Ideally, there would be attestation for the multi-device keys as well, so that the RP gets a strong prove of what kind of "sync fabric" is being used.

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1739#issuecomment-1157427186 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 16 June 2022 09:15:50 UTC