[webauthn] Split RP ops "Registering a new credential" into one with and one without attestation (#1710) from Emil Lundberg via GitHub on 2022-03-23 (public-webauthn@w3.org from March 2022)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 23 Mar 2022 16:43:07 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1178347365-1648052075-sysbot+gh@w3.org>

emlun has just created a new issue for https://github.com/w3c/webauthn:

== Split RP ops "Registering a new credential" into one with and one without attestation ==
Motivated by #1709. Many RPs will not need attestation, and the default `attestationConveyance` is `"none"`. It is of little use to these RPs to implement all the complexity around verifying attestation statements. We could split [§7.1. Registering a New Credential](https://w3c.github.io/webauthn/#sctn-registering-a-new-credential) into two variants: the current one, which includes all the details around attestation verification, and a greatly simplified one without most of the steps concerned with attestation. Or, alternatively, extract attestation processing into a subsection and refer to it as an optional sub-procedure. The new section(s) should briefly explain the security and user experience implications of choosing to ignore, require, or simply request and store attestations.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1710 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 23 March 2022 16:43:08 UTC