[webauthn] clarify generation of rpIdHash from =JeffH via GitHub on 2018-06-05 (public-webauthn@w3.org from June 2018)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Jun 2018 22:49:29 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-329652051-1528238968-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== clarify generation of rpIdHash  ==
In tracing through the spec, it was difficult to ascertain who creates `authenticatorData.rpIdHash` and when.  

The phrase "SHA-256 hash of the RP ID" is used in [§ 6.1. Authenticator data](https://www.w3.org/TR/webauthn/#sec-authenticator-data) (in the table only), and in the [Relying Party Operations](https://www.w3.org/TR/webauthn/#rp-operations) sections, but not in the authenticatorMakeCredential / authenticatorGetAssertion operations.  

The latter simply say "Let |authenticatorData| be the byte array specified in §6.1 Authenticator data...", and the latter section does not have a clearly defined alg subsection, so it is just sort of implicit that when one says "Let |authenticatorData| be the byte array..." that there's clearly defined work to do, and think we oughta clarify the work to do and delineate it (these would be "easy" editorial cleanups me thinks)

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/932 using your GitHub account

Received on Tuesday, 5 June 2018 22:49:31 UTC