undefined | Better HN

0 pointszacharyvoase3y ago0 comments

WebAuthn uses such a directory already. Most implementations validate the attestation against a public database of ‘trusted’ device types (and DAA enables this to be done without compromising anonymity, up to the uniqueness of a device type)

0 comments

hirsin3y ago

That's not a trust statement, and it's not reliable as a proof. You can reliably tell you've seen this authenticator before, but that doesn't solve the problem being described here

zacharyvoaseOP3y ago

Trust is a ladder, and identifying the make/model of device is but one rung of it.

j / k navigate · click thread line to collapse

0 pointszacharyvoase3y ago0 comments

0 comments

hirsin3y ago

That's not a trust statement, and it's not reliable as a proof. You can reliably tell you've seen this authenticator before, but that doesn't solve the problem being described here

zacharyvoaseOP3y ago

Trust is a ladder, and identifying the make/model of device is but one rung of it.

j / k navigate · click thread line to collapse