--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/2282383e-143f-4d0e-8a75-bffe3e73acd0n%40fidoalliance.org.
Hi,
Metadata are expected to be updated depending on several external causes, e.g. negative (authenticator compromise, trust anchor revocation) or positive (authenticator certification, trust anchor rotation).
As such, Relying Parties are expected to poll the Metadata Service ~once a day.
Also, the attestation is done only during registration, but it is expected that Relying Parties track the registration data – once an authenticator's metadata is changed, Relying Parties should update the status of authenticators that have been previously registered.
For instance, if an authenticator is compromised, e.g. a leaked attestation private key, the metadata will be updated to reflect this information. Upon polling the metadata, the Relying Party, seeing that the authenticator is compromised, could go through all registered authenticators of the same model, revoke them, and notify the user of the revocation.
Best regards,
--
Thomas Duboucher
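
The bookkeeping described in the message above, as an added example that is not part of the original post and not FIDO Alliance code. It assumes the metadata BLOB's signature has already been verified and its payload decoded into a dict; the registration record layout (`user`, `credential_id`, `aaguid`, `state`) is hypothetical, and all sample values are constructed.

```python
from datetime import date

# Compromise-type values of the MDS AuthenticatorStatus enum. Treating any of
# them as grounds for revocation is a policy assumption of this example.
COMPROMISED = {"ATTESTATION_KEY_COMPROMISE", "USER_VERIFICATION_BYPASS",
               "USER_KEY_REMOTE_COMPROMISE", "USER_KEY_PHYSICAL_COMPROMISE",
               "REVOKED"}

def compromised_models(payload, today):
    """Return {aaguid: status} for models with an effective compromise report."""
    flagged = {}
    for entry in payload.get("entries", []):
        aaguid = entry.get("aaguid")
        if not aaguid:  # entries not keyed by AAGUID are out of scope here
            continue
        for report in entry.get("statusReports", []):
            eff = report.get("effectiveDate")  # no date: treated as effective
            if report.get("status") in COMPROMISED and (
                    eff is None or date.fromisoformat(eff) <= today):
                flagged.setdefault(aaguid.lower(), report["status"])
    return flagged

def apply_metadata(payload, registrations, today):
    """Revoke active registrations of flagged models; return who to notify."""
    flagged = compromised_models(payload, today)
    notices = []
    for reg in registrations:
        status = flagged.get(reg["aaguid"].lower())
        if status and reg["state"] == "active":
            reg["state"] = "revoked"  # hypothetical state field
            notices.append((reg["user"], reg["credential_id"], status))
    return notices

# Constructed sample data: AAGUIDs, users and credential ids are made up.
M1, M2, M3 = ("aaaaaaaa-1111-1111-1111-111111111111",
              "bbbbbbbb-2222-2222-2222-222222222222",
              "cccccccc-3333-3333-3333-333333333333")
SAMPLE_PAYLOAD = {"entries": [
    {"aaguid": M1, "statusReports": [
        {"status": "FIDO_CERTIFIED_L1", "effectiveDate": "2022-01-10"},
        {"status": "ATTESTATION_KEY_COMPROMISE", "effectiveDate": "2024-04-30"}]},
    {"aaguid": M2, "statusReports": [{"status": "FIDO_CERTIFIED_L2"}]},
    {"aaguid": M3, "statusReports": [
        {"status": "REVOKED", "effectiveDate": "2024-06-01"}]}]}
SAMPLE_REGISTRATIONS = [
    {"user": "alice", "credential_id": "c1", "aaguid": M1.upper(), "state": "active"},
    {"user": "bob", "credential_id": "c2", "aaguid": M2, "state": "active"},
    {"user": "carol", "credential_id": "c3", "aaguid": M3, "state": "active"},
    {"user": "dave", "credential_id": "c4", "aaguid": M1, "state": "revoked"}]
```

Running `apply_metadata` after each daily poll is idempotent: credentials already marked revoked are skipped, so users are notified once per credential.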