Re: [webauthn] Split RP ops "Registering a new credential" into one with and one without attestation (#1710) from Matthew Miller via GitHub on 2022-03-29 (public-webauthn@w3.org from March 2022)

From: Matthew Miller via GitHub <sysbot+gh@w3.org>
Date: Tue, 29 Mar 2022 14:04:41 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1081914368-1648562679-sysbot+gh@w3.org>

> In the end, in the absence of attestation/signature, you can simply send the public key over since none of the data can be trusted anyway.

@dagnelies i think you'll be interested in issue [#1698](https://github.com/w3c/webauthn/issues/1698#issuecomment-1035215931) where I ask that very question. @emlun provides a very nice answer that doesn't try to dance around the fact that `"none"` attestation doesn't get you a signature over authenticator data.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1710#issuecomment-1081914368 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 29 March 2022 14:04:46 UTC