Re: [webauthn] Provide an explicit way to opt out of multi-device syncing/backups (#1714)

> As far as I understand, the former is only a temporary side effect of attestation that will likely go away once the "backup indicator" is specified and implemented, right?

The backup indicator is mostly for RPs that want syncing. In that case it can be used without attestation.

If you want to use it for security, e.g. to deny syncing, it can only be trusted in the context of an attestation.
If an attacker compromises the account and can load the credentials into an authenticator it controls, then they would just not set the flag.
That would not be easy, but it is potentially possible; it will depend on the sync fabric security, e.g. whether the credentials can only be restored to a TPM in a trusted authenticator.

In some cases where an authenticator supports both types of credentials and provides an attestation, the indicator can be trusted to differentiate between the two kinds of credentials. I believe that backup vs. not backed up would be under user control, not RP.

This may get in the way of some of the higher security use cases, though likely no more than platform authenticators not having CC/CSPN/FIPS certification, minimum PIN length and retry limits for eIDAS, etc.


-- 
GitHub Notification of comment by ve7jtb
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1714#issuecomment-1084816696 using your GitHub account
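As an added illustration of the trust argument in the comment above (example code, not from the thread, the WebAuthn spec or any RP library): an RP-side check that reads the backup flags out of authenticator data and enforces a deny-sync policy only when the attestation was verified, treating the flags as a self-reported hint otherwise. It assumes the BE/BS bit positions as later specified in WebAuthn Level 3 (bits 3 and 4 of the flags byte) and uses constructed sample authenticator data.

```python
"""Parse WebAuthn authenticatorData flags and apply a backup (sync) policy."""
from dataclasses import dataclass
from typing import Tuple

# Flag bits of the authenticatorData "flags" byte (WebAuthn Level 3 positions).
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_BE = 0x08  # backup eligible: credential may be synced/backed up
FLAG_BS = 0x10  # backup state: credential is currently backed up
FLAG_AT = 0x40  # attested credential data included
FLAG_ED = 0x80  # extension data included


@dataclass
class AuthDataFlags:
    user_present: bool
    user_verified: bool
    backup_eligible: bool
    backup_state: bool
    attested_cred_data: bool
    extensions: bool


def parse_flags(auth_data: bytes) -> AuthDataFlags:
    """authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4) | ..."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    f = auth_data[32]
    return AuthDataFlags(bool(f & FLAG_UP), bool(f & FLAG_UV), bool(f & FLAG_BE),
                         bool(f & FLAG_BS), bool(f & FLAG_AT), bool(f & FLAG_ED))


def evaluate_backup_policy(auth_data: bytes, attestation_verified: bool,
                           allow_synced: bool) -> Tuple[bool, str]:
    """Return (accept, reason) for a registration.

    Without a verified attestation the BE/BS bits are only self-reported: whoever
    holds the private key in an authenticator they control can leave them clear.
    A "no syncing" policy is therefore enforceable only when attestation is verified.
    """
    flags = parse_flags(auth_data)
    if allow_synced:
        return True, "synced credentials allowed; BE/BS used as a hint only"
    if not attestation_verified:
        return False, "deny-sync policy requires a verified attestation"
    if flags.backup_eligible or flags.backup_state:
        return False, "attested authenticator reports a backup-eligible credential"
    return True, "attested, non-backup-eligible credential"


def make_auth_data(flags: int, sign_count: int = 0) -> bytes:
    """Constructed sample authenticatorData: zero rpIdHash, given flags, no attested data."""
    return bytes(32) + bytes([flags]) + sign_count.to_bytes(4, "big")
```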


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 31 March 2022 16:27:22 UTC