Re: [webauthn] Split RP ops "Registering a new credential" into one with and one without attestation (#1710) from DannyNiu/NJF via GitHub on 2024-03-01 (public-webauthn@w3.org from March 2024)

From: DannyNiu/NJF via GitHub <sysbot+gh@w3.org>
Date: Fri, 01 Mar 2024 00:54:30 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1972246497-1709254468-sysbot+gh@w3.org>

Most of the discussion here seem to revolve around TOFU of pubkey during registeration. If registration is to be simplified, then origin verification will not be possible during registration, and [the beginning of this section](https://w3c.github.io/webauthn/#sctn-validating-origin) will need to be adapted accordingly, unless there's something critical with verifying the origin during registration.

-- 
GitHub Notification of comment by dannyniu
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1710#issuecomment-1972246497 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 1 March 2024 00:54:32 UTC