- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Thu, 19 Sep 2024 01:45:39 +0000
- To: public-webauthn@w3.org
zacknewman has just submitted a new pull request for https://github.com/w3c/webauthn: == Exclude all platform authenticators that use self attesation from hav… == …ing to use none attestation Closes #2146 Related #1962 #2146 raises the possibility of leaving attestation for _all_ platform authenticators based on the argument that much of the information related to attestation could be re-generated once AAGUID is known (which all platform authenticators keep); however this PR more conservatively only excludes platform authenticators that use self attestation since self attestation does not contain any new information and self attestation is already excluded from being replaced with none when the AAGUID is already all zero (i.e., RPs, even ones that only intend to support none attestations, have to be prepared to handle via error the possibility of receiving self attestation despite requesting none). The following tasks have been completed: - [ ] Modified Web platform tests ([link](https://github.com/web-platform-tests/wpt/)) Implementation commitment: - [ ] WebKit ([link to issue](https://bugs.webkit.org/)) - [ ] Chromium ([link to issue](https://issues.chromium.org/issues/new?component=1456855&template=0)) - [ ] Gecko ([link to issue](https://bugzilla.mozilla.org/home)) Documentation and checks - [ ] Affects privacy - [ ] Affects security - [ ] Updated explainer ([link](https://github.com/w3c/webauthn/wiki) See https://github.com/w3c/webauthn/pull/2150 -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 19 September 2024 01:45:40 UTC