- From: Fredrik Tolf via GitHub <sysbot+gh@w3.org>
- Date: Mon, 12 Jun 2023 13:34:36 +0000
- To: public-webauthn@w3.org
@timurnkey Clearly, I'm not the expert here (so the actual experts can feel very free to correct me), but my understanding is that the main circumstance where challenges for attestation matters is when the attestation itself contains some relevant identity information. For instance, you could imagine an enterprise/government identity scheme where USB keys have information about the physical person that is supposed to own the key fused into them, and registering an account with said key implies associating the account with the same physical person. In this case, you would clearly want to avoid registration reuse. -- GitHub Notification of comment by dolda2000 Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1856#issuecomment-1587357256 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 12 June 2023 13:34:38 UTC