by jiveturkey
2075 days ago
> easily disable attestation all future attestations.

U2F/webauthn doesn't actually provide a revocation mechanism.

> Instead of with Yubikey where if the attestation key is compromised, and it is blacklisted, they disable every single last device manufactured with said attestation key.

it is important to note that there is not a "the" attestation key. there are many. "disabling" one, to the extent that is even possible, disables only the group with that key.