- From: Keiko Itakura via GitHub <sysbot+gh@w3.org>
- Date: Sat, 10 Sep 2022 00:04:31 +0000
- To: public-webauthn@w3.org
keikoit has just created a new issue for https://github.com/w3c/webauthn:

== Attestation for DPK (device-bound public key) ==

After discussing with various RPs on DPK (device-bound public key), we are agreeing that those RPs who want to use a DPK need attestation for a DPK and the attestation must be protected from replay attacks. I am wondering if this requirement is specified in the specification already? Without replay attack protection, a DPK is equivalent to a bearer token and RPs cannot trust it.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1798 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 10 September 2022 00:04:33 UTC