Note that attacker can replace the whole PublicKeyCredential object
emlun committed Oct 10, 2018
1 parent 782c678 commit 3ee0abe
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions index.bs
Expand Up @@ -5361,15 +5361,15 @@ Under the assumption that a [=registration ceremony=] has been completed securel
confidentiality of the [=credential private key=], subsequent [=authentication ceremonies=] using that [=public key
credential|credential=] are always resistant to [=man-in-the-middle attacks=], i.e., benefit (3) above remains guaranteed.

The discussion above holds for all [=attestation types=]. In all cases it is possible for a [=man-in-the-middle
attack|man-in-the-middle attacker=] to replace the [=attestation statement=], including the [=credential public key=] to be
registered, and subsequently tamper with future [=authentication assertions=] [=scoped=] for the same [=[RP]=] and passing through
the same attacker. Note that such an attack would be detectable - since the [=[RP]=] has not registered the user's authentic
[=credential public key=], the corresponding [=credential=] cannot be used for any [=authentication ceremony=] unless the same
attacker actively tampers with the [=ceremony=]. [=Attestation types=] other than [=Self Attestation=] and [=None=] further
increase the difficulty of the attack, since the attacker might need to use a genuine [=authenticator=] of the same model as the
user's [=authenticator=], lest the user detect that the [=[RP]=] indicates having registered a different [=authenticator=] model
than the user expected.
The discussion above holds for all [=attestation types=]. In all cases it is possible for a [=man-in-the-middle
attack|man-in-the-middle attacker=] to replace the {{PublicKeyCredential}} object, including the [=attestation statement=] and the
[=credential public key=] to be registered, and subsequently tamper with future [=authentication assertions=] [=scoped=] for the
same [=[RP]=] and passing through the same attacker. Note that such an attack would be detectable - since the [=[RP]=] has not
registered the user's authentic [=credential public key=], the corresponding [=credential=] cannot be used for any
[=authentication ceremony=] unless the same attacker actively tampers with the [=ceremony=]. [=Attestation types=] other than
[=Self Attestation=] and [=None=] further increase the difficulty of the attack, since the attacker might need to use a genuine
[=authenticator=] of the same model as the user's [=authenticator=], lest the user detect that the [=[RP]=] indicates having
registered a different [=authenticator=] model than the user expected.

Note: All variants of [=man-in-the-middle attacks=] described above are more difficult than a [=man-in-the-middle attack=] against
a [=[RP]=] that only uses conventional password authentication.
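
Review bot: In the rewritten paragraph, "replace the {{PublicKeyCredential}} object, including the [=attestation statement=] and the [=credential public key=]" does not actually say that the whole object is replaced, which is the point the commit title makes. Consider "replace the entire {{PublicKeyCredential}} object" so that the "including" clause reads as examples and not as the extent of the substitution. The next sentence, "such an attack would be detectable", also leaves unstated who detects it and when; the reasoning that follows implies detection at the first [=authentication ceremony=] that does not pass through the same attacker, and stating that would make the claim concrete.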