- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Tue, 12 Jun 2018 21:53:10 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by equalsJeffH to https://github.com/w3c/webauthn:
* Add list of benefits RP gains from the spec
by Emil Lundberg
https://github.com/w3c/webauthn/commit/828b5bebeccad517f2a7d79e55a65b67db21563c
* Add RP conformance section on ignoring attestation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/cb06c8af085f57585e84d4084d6d81fd61cbca9c
* Move discussion of RP benefits to security considerations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e3ec29d34e09fb770724950a2115e51c8b15bfc4
* Clarify the U2F Attestation format to have a single certificate
The [U2F Raw Message Format](https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#h3_registration-response-message-success) only allows for a single attestation certificate in U2F responses.
This PR reflects this in the U2F Attestation Format to reduce the chance of misunderstanding when implementing the server verification.
by Arnar Birgisson
https://github.com/w3c/webauthn/commit/4e19fe4099a5f7c0248c25fdf4b9e3ce7ba4a86d
* Refer "man-in-the-middle attack" to RFC 4949
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ce8eadb662889222135f08d14a6f4498947dd887
* Note that self- and no-attestation is a "leap of faith" as defined by RFC 4949
by Emil Lundberg
https://github.com/w3c/webauthn/commit/da06b8f8718e653e720eef9c1a6fef9fa51bd6d0
* Add mention of authenticator policy enforcement to RP benefits section
by Emil Lundberg
https://github.com/w3c/webauthn/commit/9ea86baaf8037a9eeb0571f3a177823a586ac7df
* Address most of @equalsJeffH's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2b698256904e058643a132a0cac25c2977953f7b
* Add note about None being the default attestation type
by Emil Lundberg
https://github.com/w3c/webauthn/commit/dac35abe7d6bf49250fd4ab6b1544851a515bcd7
* Fixed example with incorrect allowCredential. Improved existing examples
by Ackermann Yuriy
https://github.com/w3c/webauthn/commit/9bd9dd890984481a8c09a0d46d0a06875ea36c29
* Merge branch 'master' into issue-576-rp-no-attestation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2fa1436aacd413290d0dec878eface01555f49f4
* Reference [[FIDO-Registry]] for raw EC public key format
See https://github.com/w3c/webauthn/issues/891
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8e004d001c950f5a155f5e4294d690cabe7186fa
* Use |authData| in both RP operations (#892)
  * Replace |aData| and |adata| with |authData|
  * Fix #875: cleanup: interstitial blank line
by Emil Lundberg
https://github.com/w3c/webauthn/commit/96bc24a1ffcd71508e08f20e56c45a9a6994e637
* "with string-valued keys" => "whose keys are strings" (#880)
The wording "whose keys are strings" works.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4f584b82eb9f513efabc1fd317c651df8128d3f2
* Merge pull request #836 from arnar/patch-1
Clarify the U2F Attestation format to have a single certificate
by Adam Langley
https://github.com/w3c/webauthn/commit/92142acd0359d1d82fc7420b2704d011d560e1cc
* Fixed incorrect field size that makes all letters overlap each other (#887)
Merging, per 2-May-18 call decision.
by Ackermann Yuriy
https://github.com/w3c/webauthn/commit/b470728005ff9dc142722a39fc7d327813c1f2b4
* Merge pull request #893 from w3c/issue-891-ref-fido-registry
Reference [[FIDO-Registry]] for raw EC public key format
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b8e3f6429690a575a446a7242a567e22f42c4c2d
* draft-jones-webauthn-cose-algorithms-01 (#895)
Tracks initial IANA COSE Algorithm registrations that have been made
by Mike Jones
https://github.com/w3c/webauthn/commit/7451b28a2464c6b4a6c4d2b01163b81227f2f578
* Replace [[FIDOReg]] with [[FIDO-Registry]]
by Emil Lundberg
https://github.com/w3c/webauthn/commit/80e6df67a0fe4624a83d3b68e1aeb8f8312b7e45
* Add section headings to [[FIDO-Registry]] references
by Emil Lundberg
https://github.com/w3c/webauthn/commit/164bce178a1bbae02cd121917efaaa833dd48ebe
* Track initial COSE algorithm registrations made for WebAuthn (#896)
by Mike Jones
https://github.com/w3c/webauthn/commit/b3aa419a452cf73110885874e7c7550aaa128799
* Relax "highly resistant" to just "resistant"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/333f22d85cf3448e2b54170fb404bc416daf85d7
* Merge branch 'master' into issue-576-rp-no-attestation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f80ea1a311a9ad55a08f12b6e22e64d741abe237
* Merge pull request #829 from emlun/issue-576-rp-no-attestation
Add RP conformance section on ignoring attestation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/18501cdb9433bd11f484064e96ce9a462c44bc50
* Merge pull request #897 from w3c/issue-894-new-fido-registry
Replace [[FIDOReg]] with [[FIDO-Registry]]
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1c3dd46e4952b15892a6ebfc4387c8e8369c35f0
* Fix issue with |savedCredentialId| scope
This fixes one of the inline issues in the spec.
Since the value of the |savedCredentialId| variable depends on the
credentials contained in each |authenticator|, a single global
|savedCredentialId| variable is not sufficient. Therefore a map of
|authenticator|s to |savedCredentialId|s is used instead.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/33cdaf1da2f0384266cc852f8fe8c3db49be7722
* Reformulate "lifetime of |lifetimeTimer|" as "until |lifetimeTimer| expires"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e124cd769b561a8938fbed8e9964b3d0e20a2d7e
* Merge "for each authenticator" algorithm step into "while timer not expired" step
This merges the previous step 19 of makeCredential in as a switch case
of step 20, and the previous step 18 of getAssertion in as a switch case
of step 19. This way there is only one step in each algorithm that tries
to express things to do asynchronously for the duration of the timer.
The inline `Issue:`s mentioning underspecified behaviour are replaced
with descriptions of an abstract "set of presently available
authenticators" and `Note:`s indicating that this is intentionally
underspecified and meant to represent different connection and discovery
mechanisms all in one.
This also swaps the order of the previous steps 17 ("Start
|lifetimeTimer|.") and 18 ("Let |issuedRequests| be a new ordered set")
of makeCredential, for consistency with getAssertion and so that the
step "Start |lifetimeTimer|." immediately precedes the step "While
|lifetimeTimer| has not expired [...]".
by Emil Lundberg
https://github.com/w3c/webauthn/commit/56fd4467d5ff256fb391423bb35740dbce041853
* Fix issue #405
See https://github.com/w3c/webauthn/issues/405
by Emil Lundberg
https://github.com/w3c/webauthn/commit/26275b79c01f314515dcd63adef4e39ae56b39e8
* Fix dfn block formatting for AuthenticatorTransport as well
by Emil Lundberg
https://github.com/w3c/webauthn/commit/69cdf7b4e56ed5cd0f48400439840fcf7ac797ca
* Fix dfn block formatting for UserVerificationRequirement as well
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d3c10427c837b62b3e5765d5cdbc53038326c67d
* Fix dfn block formatting for AuthenticatorAttachment as well
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b49fd2717a9e22abdff25bc646047b2cda2043e2
* Fix dfn block formatting for TokenBinding and TokenBindingStatus
by Emil Lundberg
https://github.com/w3c/webauthn/commit/321a9db0b4cc433e8ea882d568844b3f81158b44
* Properly reference {{TokenBinding/id}} from {{TokenBinding/status}}
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4d6991ba326af7ab706be7a7d5fd63215ea1a95e
* Add an “internal” AuthenticatorTransport.
The motivating example is a built-in fingerprint reader. It might be
connected via an I²C bus or the like, but the current
AuthenticatorTransport enumeration cannot express anything like that.
This change adds a catch-all for these internal transports because, from
the point of view of the client, they're all the same: there's nothing
for the user to do if they're not there so no point prompting them.
It also clarifies that the “usb” type means a removable USB device. Some
built-in hardware (esp in laptops) is connected via an internal USB bus,
but a user would not know that and would not want to be prompted like it
was a removable device in that case.
by Adam Langley
https://github.com/w3c/webauthn/commit/6e4480e49b3de9ebb435bdcc30b8b22a4083f784
* Add @agl's commas
by Emil Lundberg
https://github.com/w3c/webauthn/commit/bc6dcf0ae53dc6dcfec16cda20ce6e3549540eff
* Emphasize that already-available authenticators also "become available"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e5696ed6bee6f13d9eb1b2062ab1cce6d2298df7
* Remove (probably) outdated inline issue 2:
ISSUE 2 @balfanz wishes to add to the "direct" case: If the
authenticator violates the privacy requirements of the attestation type
it is using, the client SHOULD terminate this algorithm with an
"AttestationNotPrivateError".
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2582344c70504541b0248aa91d078c18a1118709
* Unnecessary to specify extension validity
by Kim Paulhamus
https://github.com/w3c/webauthn/commit/045e92e40b00dd917ea970b59f3466e4cbf30ede
* Fix urlPrefix of FIDO-APPID anchors to agree with FIDO-APPID in biblio
by Emil Lundberg
https://github.com/w3c/webauthn/commit/73ec34024dfe5e50580ce1e9338184802676e67f
* Update FIDO references to newer versions of the documents
by Emil Lundberg
https://github.com/w3c/webauthn/commit/836b12623cf30066b98455059a63c10bf9a1dd6e
* Merge pull request #903 from agl/internal-transport
Add an “internal” AuthenticatorTransport.
by Adam Langley
https://github.com/w3c/webauthn/commit/3c5e383f0f5642e9d5815d97480e7d1b198356fe
* Emphasize credentialId randomness in example
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b79038beadb2bff11afd3194c133182633acc39b
* Merge branch 'master' into patch-2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/557ac578faf052d48893d7c23650a06d42fa0fcf
* Update more FIDO references
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a43d1792ffaa7b7b6c9c92e1d4479c35d24afe1a
* Merge branch 'master' into issue-405-dfn-blocks
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4fc53d8f765b745b74e8c978b174d7e9b4285048
* Fix run-on sentences in example comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a86910e927ba25510e3ce702374285516639ef01
* Use consistent formatting for "true" in prose
by Emil Lundberg
https://github.com/w3c/webauthn/commit/59acf19709bb64ab89b59fa37d91f8eda3bdc80d
* Use consistent formatting for "false" in prose
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a067ae4239c43b1467daad5288494accf13456ab
* Fix uses of "Boolean" in prose text
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d368b688e3c62d9ea811f0d871bcc61fddb25769
* Update index.bs
by gmandyam
https://github.com/w3c/webauthn/commit/5e08a1d71eaab8703e9ee6ddd5ca59eb3607bf8e
* Merge pull request #924 from gmandyam/master
Modify Location Extension description
by gmandyam
https://github.com/w3c/webauthn/commit/bcd08c6641e8ff3bb43b5ba8c23b0df81c602027
* Merge pull request #922 from w3c/issue-921-boolean-formatting
Fix formatting of Boolean values and type name
by Emil Lundberg
https://github.com/w3c/webauthn/commit/454985fd9477b1c4241cf8f8333ef34054279f22
* Merge branch 'master' into issue-898-update-fido-refs
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f9b5981a3ec09c2842df8f2c5e9f9431cac9dd4f
* Merge pull request #913 from w3c/issue-898-update-fido-refs
Update FIDO references to newer documents
by Emil Lundberg
https://github.com/w3c/webauthn/commit/2c6faa8cad963a9dd2eacbb19022cdee4001a745
* Remove other unnecessary statements
by Kim Paulhamus
https://github.com/w3c/webauthn/commit/8e7635112e375f2a5f862d34da188670ae829357
* Merge branch 'master' into issue-405-dfn-blocks
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d2505b4c949ae5978ff29e3a1412e9532a5e6640
* Merge branch 'master' into issue-613-hot-plugging-finish
by Emil Lundberg
https://github.com/w3c/webauthn/commit/25527753261d554425a4daac7302744e1ff6b5c6
* Merge branch 'master' into issue-613-hot-plugging-finish
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f2fae2ed1f083232561134a6afa90f851c76e528
* Merge branch 'master' into issue-613-hot-plugging-finish
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c8f110d9765a2a9aeee2d68bcf7e1e9fd31f3ba8
* Create draft-jones-webauthn-secp256k1 to register secp256k1 curve and algorithm identifiers (#918)
Posted as https://tools.ietf.org/html/draft-jones-webauthn-secp256k1-00
by Mike Jones
https://github.com/w3c/webauthn/commit/c24321f2eb778e880de14b463c5887915e758a95
* Merge pull request #908 from w3c/issue-454-inline-issue-2
Remove (probably) outdated inline issue 2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d3c0757acd9f630774ce3d5ecf8d8e0fe93c6ab0
* Merge pull request #901 from w3c/issue-405-dfn-blocks
Adopt definition list markdown notation for dfn blocks
by Emil Lundberg
https://github.com/w3c/webauthn/commit/0f5b3a806a9f8e2ff02207fd673e130db2bb0db2
* Merge pull request #910 from kpaulh/trim-extensions
Trim unnecessary step from appId extension
by kpaulh
https://github.com/w3c/webauthn/commit/b455562d9c50af7fca0c753779d80f2c95784447
* Merge pull request #888 from herrjemand/patch-2
Fixed example with incorrect allowCredential. Improved existing examples
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f3b706b2b1a47ce53de8ebfa74fd88d486143fee
* Merge pull request #900 from w3c/issue-613-hot-plugging-finish
Finish up hot-plugging algorithm language
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b0ca15fa82e531dadaba9fc49c8c7abf141ef4d5
* Address some of @equalsJeffH's review comments
by Emil Lundberg
https://github.com/w3c/webauthn/commit/990b892c9f8f15f6403a1665d48c5748e9bc38f5
* Reword definitions of |authenticators|
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8b6b7e1ded0f64806da8a739f4879bc5edfc7c6f
* Merge pull request #940 from w3c/pr-900-post-merge-review
PR #900 post-merge review changes
by Emil Lundberg
https://github.com/w3c/webauthn/commit/5cc9a6ac8cd9485ea3c23b40e9d230c11cfdaaaa
* Per Credential Signature Counters (#935)
  * PerCredentialSignatureCounters
  * shouldSHOULD
by Akshay Kumar
https://github.com/w3c/webauthn/commit/f0acd1ade1ad27bccf52e85435ae7256f275d05d
* improve #936: existing linking lint (#944)
merging this editorial fixup PR...
  * remove some dfn tags from section headers, improves issue #936
  * tag occurrences of 'verification procedure' improves issue #936
  * un-dfn DAA improves #936
  * un-dfn non-attstn fmt, improves #936
  * Review of PR #944 (#945)
  * Replace old <dfn>s with links
  * Eliminate <dfn> for "No attestation statement"
    Since its text never appears again in the document, change the one link
    to it to point to <dfn>None</dfn> instead.
  * Add link to "none" attestation statement format from None attestation type
by =JeffH
https://github.com/w3c/webauthn/commit/204da2313c68f13b1baef9442733491c94fe58b2
* Merge branch 'master' into issue-151-credential-portability
by JeffH
https://github.com/w3c/webauthn/commit/2b6a12dbc0ee482e05ebc72ac86982563a2b2e10
Received on Tuesday, 12 June 2018 21:53:21 UTC