Re: [webauthn] Indicate that the credential could be backed up and restored, but not synchronized (#1933) from Ki-Eun Shin via GitHub on 2023-07-27 (public-webauthn@w3.org from July 2023)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Thu, 27 Jul 2023 12:30:01 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1653526438-1690461000-sysbot+gh@w3.org>

> How would this be done, securely? How can that enforcement logic be guaranteed that a currently active device honestly obeys the command to delete a private key?

It depends on how the passkey providers mange the credential. There might be a case where the credential is stored in the passkey provider's cloud and the assertion signature might be generated in the secure cloud storage.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1933#issuecomment-1653526438 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 27 July 2023 12:30:03 UTC