Divide security/privacy considerations into subsections by audience #1298

Merged: 3 commits, Sep 20, 2019


emlun (Member) commented Sep 11, 2019

Fixes #1039.

I expected this would conflict with #1250, but it actually looks like the two can in fact merge cleanly.



emlun added the following labels Sep 11, 2019: type:editorial; security-tracker (Group bringing to attention of security, or tracked by the security Group but not needing response); privacy-tracker (Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response)
emlun added this to the L2-WD-02 milestone Sep 11, 2019
emlun self-assigned this Sep 11, 2019
equalsJeffH (Contributor) left a comment

overall this looks very nice, thx @emlun :)

tho, in "Attestation Certificate and Attestation Certificate CA Compromise" the last two parag's are specific to RPs (yes?) and I worry that RPs will overlook them since they are contained within the "Security considerations for authenticators" section. perhaps these parags ought to be moved to an appropriate subsection of "Security considerations for Relying Parties" and cross-linked (eg "see also relevant RP-specific considerations", "see also relevant authnr-specific considerations") with each other?

emlun (Member, Author) commented Sep 11, 2019

What section is that? I can find the word "sync" only 6 times in the preview, and none of them is related to what you're talking about.

equalsJeffH (Contributor) commented

Sorry!! I had accidentally pasted incorrect text into #1298 (review) :( ....my apologies! fixed now.....

emlun (Member, Author) commented Sep 11, 2019

Ah, I see. Good catch, thanks!

selfissued (Contributor) left a comment

Looks good to me

equalsJeffH (Contributor) left a comment

LGTM @emlun!! thx!

equalsJeffH merged commit 8ed793f into master Sep 20, 2019
WebAuthnBot pushed a commit that referenced this pull request Sep 20, 2019
WebAuthnBot pushed a commit that referenced this pull request Sep 20, 2019
emlun deleted the issue-1039-consideration-audiences branch September 20, 2019 06:45
Linked issue (may be closed by merging this pull request): Divide Security/Privacy Considerations into subsections by audience?