- From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
- Date: Wed, 02 Nov 2016 16:29:25 +0000
- To: public-webauthn@w3.org
vijaybh has just created a new issue for
https://github.com/w3c/webauthn:
== Simplifying attestation, take two ==
Some colleagues and I have spent a fair bit of time with attestation
recently, and in thinking through implementation issues it became
apparent that a browser implementation has to do significant parsing
of the attestation data returned from the authenticator even though
the client really should not care about the contents of this.
Strawman suggestion that we came up with:
- Reduce WebAuthnAttestation to { ArrayBuffer clientData; ArrayBuffer
attestation; }
- Have attestation be a CBOR map containing
- Format
- authenticatorData
- format-specific content (different for packed vs. TPM and so on)
- Perhaps this will become obsolete if we implement the above, but any
place we insert the algorithm of the attestation signature, we could
remove that field for the case of self attestation
The above CBOR map would not be parsed at all on the client, only at
the server. This might also simplify the IDL a little bit.
Please view or discuss this issue at
https://github.com/w3c/webauthn/issues/244 using your GitHub account
Received on Wednesday, 2 November 2016 16:29:31 UTC