tony: open PRs
https://github.com/w3c/webauthn/pull/1474
jtan: intent is to address a specific device
akshay: in consumer we ask for attestation but don't really do anything with it.
... on enterprise side can choose what to allow and disallow, using an AAGUID
jtan: for enterprise, usually want to recognize a single device
... if you have enterprise mode on, you use some features
akshay: still is model of a device
jbradley: if you don't have aaguid, that may mess people up, CTAP2 assumes aaguid
jtan: there should not be an aaguid
jbradley: individual device, not class of devices
jan: yes.
jTan: yes.
... please add your opinions in github
elundberg: PR is about attestation CA?
akshay: trying to figure out what it is
shane: can tell it is apple attestation
... but can't tell by device
... need to separate what will be done in future versions of apple attestation
... there is an implementation in the wild.
jbradley: are we saying there is another way to deal with apple attestation
shane: no. the way it works, i look at aaguid and if it is all zeros, I need to use something else
jbradley: the intent was to go forward with aaguids, but if we have subject key identifiers, we may need to tweak FIDO MDS
akshay: I put all the commands in the pull request
jbradley: why all zeros
jtan: no particular reason
jbradley: you collide with U2F authenticators by using all zeros
jtan: you won't have other devices that use apple attestation
jbradley: so we may need custom logic
jtan: we will discuss internally
tony: bradley, you will update?
shane: what needs to be updated
... don't need to mention aaguid
jeffH: I don't see any mention of aaguid
jtan: I will modify #1474, and keep #1491 together.
https://github.com/w3c/webauthn/pull/1491
tony: elundberg, are your questions answered
elundberg: yes, it looks good to go. some minor suggestions - editorial
tony: jeffH?
... OK
jeffH: largely
https://github.com/w3c/webauthn/pull/1497
jeffH: basically ready to go.
tony: jc_moz and akshay, you looking at this
jc_moz: i flagged this for folks at Mozilla, I have not heard back.
... my understanding it looks fine.
akshay: we need to review who knows this better
jeffH: intersection observer is still in comment phase
discussing browser and click jacking
https://github.com/w3c/webauthn/pull/1499
jeffH: elundberg has a good point.
... shane has comment in issue. I have not read it
shane: I don't think we need a new attestation type
jeffH: some people have gotten this wrong.
jbradley: does cover, but has to have correct self-signed cert
jeffH: i put comment into PR. may just need to clarify here.
shane: will we clarify here
jeffH: we will ask FIDO nicely
https://github.com/w3c/webauthn/pull/1500
tony: need a check off here.
https://github.com/w3c/webauthn/pull/1502
shane: action I took last week, I did address that
tony: any other review?
... think this is ready to go, elundberg signed off
https://github.com/w3c/webauthn/pull/1503
tony: fixed. merged
https://github.com/w3c/webauthn/issues/1504
elundberg: align wording.
tony: i will wait for #1491, create a PR for this one
<selfissued> Later...
tony: adjourn
Present: jcj_moz elundberg jeffh wseltzer jfontana_ selfissued
Scribe: jfontana_
Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Oct/0082.html