Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/saper/statuses/111250106157334698">Marcin Cieślak (saper@mastodon.social)'s status on Wednesday, 18-Oct-2023 05:57:00 JST</a><a href="https://mastodon.social/@saper" title="saper@mastodon.social"><img src="https://gnusocial.jp/avatar/111068-48-20230405035307.webp" width="48" height="48" alt="Marcin Cieślak" style="position: absolute; left: 0; top: 0;">Marcin Cieślak</a><div><a href="https://chirp.enworld.org/@PlaneSailingGames/111249859599523479" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/38360" title="gossithedog@cyberplace.social">Kevin Beaumont</a></li><li><a href="https://gnusocial.jp/user/114200" title="planesailinggames@chirp.enworld.org">Alex White</a></li></ul></div></section><article><p><a href="https://chirp.enworld.org/@PlaneSailingGames">@PlaneSailingGames</a> <a href="https://cyberplace.social/@GossiTheDog">@GossiTheDog</a> </p><p>I am no expert on <a href="https://mastodon.social/tags/Webauthn" rel="tag">#Webauthn</a> but maybe some "pure-device-based-no-backup" attestation type could be added. But then, in turn, the relying party would need to require that and only that. Unlikely to happen. </p><p>Does this mean that relying parties might need to maintain "trusted" lists of attestation CAs in the future?</p><p>Here it would be unlikely that Google, Apple and Microsoft certificates will not be included on those lists by default.</p><p>pls help <a href="https://agora.echelon.pl/users/kravietz">@kravietz</a> :)</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2198879#notice-4322437">In conversation</a><time datetime="2023-10-18T05:57:00+09:00" title="Wednesday, 18-Oct-2023 05:57:00 JST">Wednesday, 18-Oct-2023 05:57:00 JST</time> <span>from <span><a href="https://mastodon.social/@saper/111250106157334698" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@saper/111250106157334698">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Marcin Cieślak (saper@mastodon.social)'s status on Wednesday, 18-Oct-2023 05:57:00 JSTMarcin Cieślak
in reply to
@PlaneSailingGames @GossiTheDog
I am no expert on #Webauthn but maybe some "pure-device-based-no-backup" attestation type could be added. But then, in turn, the relying party would need to require that and only that. Unlikely to happen.
Does this mean that relying parties might need to maintain "trusted" lists of attestation CAs in the future?
Here it would be unlikely that Google, Apple and Microsoft certificates will not be included on those lists by default.
pls help @kravietz :)
In conversationWednesday, 18-Oct-2023 05:57:00 JST from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice