[w3c/webauthn] 10e12d: Document prevention of attacks on privacy

  Branch: refs/heads/authenticator-taxonomy
  Home:   https://github.com/w3c/webauthn
  Commit: 10e12d0bfffa8d5cf6980425e90766d66050ff0d
      https://github.com/w3c/webauthn/commit/10e12d0bfffa8d5cf6980425e90766d66050ff0d
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-05-09 (Wed, 09 May 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Document prevention of attacks on privacy


  Commit: 6a83ec06d619aedee05d1f9892f453689b6fcb1b
      https://github.com/w3c/webauthn/commit/6a83ec06d619aedee05d1f9892f453689b6fcb1b
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-05-09 (Wed, 09 May 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Reference §14.4 in §14.2


  Commit: f55c4c3a38ef18349b1feb91f8763875c39758d5
      https://github.com/w3c/webauthn/commit/f55c4c3a38ef18349b1feb91f8763875c39758d5
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-05-11 (Fri, 11 May 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Remove mention of a timeout for isUserVerifyingPlatformAuthenticatorAvailable.

As discussed on the issue, implementations appear to be converging on
implementing this call without prompting the user and returning
immediately. The wording in this section is loose enough that
implementations that wish to continue using a timeout can find enough
slack to do so, but this change removes the firm suggestion to do so.

Also, align the spacing of “Promise<T>” to match the style used
elsewhere in the W3C specs.

Fixes #575


  Commit: df81b61d660079345c1e40afc2762ea812db96f0
      https://github.com/w3c/webauthn/commit/df81b61d660079345c1e40afc2762ea812db96f0
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-05-16 (Wed, 16 May 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Eliminate the “not-supported” option for tokenBinding.status

The tokenBinding member is optional so this created two different ways
to encode that tokenBinding wasn't supported: omitting tokenBinding
completely and including it with status = “not-supported”. This change
eliminates the second option.

This matches Firefox's current behaviour and Chrome will align.

Fixes #907.


  Commit: 31aed6629c957829466415ad62d93e2210524e3f
      https://github.com/w3c/webauthn/commit/31aed6629c957829466415ad62d93e2210524e3f
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-05-24 (Thu, 24 May 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Specify the meaning of omitting tokenBinding.


  Commit: 0b3e939f9142a1b7c8d1edb9d9c0e354cfbc9866
      https://github.com/w3c/webauthn/commit/0b3e939f9142a1b7c8d1edb9d9c0e354cfbc9866
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-05-29 (Tue, 29 May 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Address @selfissued's review comments


  Commit: ad22fce9fbe6685490dd767bb52445e600c9af88
      https://github.com/w3c/webauthn/commit/ad22fce9fbe6685490dd767bb52445e600c9af88
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-05-30 (Wed, 30 May 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Remove confirmation prompt from isUserVerifyingPlatformAuthenticatorAvailable()

See:

- https://github.com/w3c/webauthn/issues/575#issuecomment-386059592
- https://github.com/w3c/webauthn/issues/575#issuecomment-386650507
- https://github.com/w3c/webauthn/issues/575#issuecomment-393134099


  Commit: 0db8a61125c6dbb88474207123e34e1742f666cc
      https://github.com/w3c/webauthn/commit/0db8a61125c6dbb88474207123e34e1742f666cc
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-06-06 (Wed, 06 Jun 2018)

  Changed paths:
    A draft-jones-webauthn-secp256k1.html
    A draft-jones-webauthn-secp256k1.txt
    A draft-jones-webauthn-secp256k1.xml
    M index.bs

  Log Message:
  -----------
  Merge branch 'master' into issue907


  Commit: 82b6b3732eee66d37672454ea59fb93eb608bc6b
      https://github.com/w3c/webauthn/commit/82b6b3732eee66d37672454ea59fb93eb608bc6b
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-06-06 (Wed, 06 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge pull request #1 from w3c/issue575-remove-consent-prompt

Remove confirmation prompt from isUVPAA


  Commit: 06db112d81e09878257e54e7febaabe16f4a89e6
      https://github.com/w3c/webauthn/commit/06db112d81e09878257e54e7febaabe16f4a89e6
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-06-06 (Wed, 06 Jun 2018)

  Changed paths:
    A draft-jones-webauthn-secp256k1.html
    A draft-jones-webauthn-secp256k1.txt
    A draft-jones-webauthn-secp256k1.xml
    M index.bs

  Log Message:
  -----------
  Merge branch 'master' into issue575


  Commit: 802ddec2c7b0bdcbe01bdd2b89715bd4043f5cd9
      https://github.com/w3c/webauthn/commit/802ddec2c7b0bdcbe01bdd2b89715bd4043f5cd9
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-06-07 (Thu, 07 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Change “optional” to “OPTIONAL”.


  Commit: f97fb77e80ee38f1ab8bb71463c7342e357435c4
      https://github.com/w3c/webauthn/commit/f97fb77e80ee38f1ab8bb71463c7342e357435c4
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-06-13 (Wed, 13 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Address some review comments


  Commit: a510bbfaabec0b6c6e433cae6bae515fbe829137
      https://github.com/w3c/webauthn/commit/a510bbfaabec0b6c6e433cae6bae515fbe829137
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-06-13 (Wed, 13 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Change "human being" to "natural person" and link to Wikipedia


  Commit: b78943880492bb4d57e774af02906d16fad06305
      https://github.com/w3c/webauthn/commit/b78943880492bb4d57e774af02906d16fad06305
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-06-13 (Wed, 13 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Address the rest of @equalsJeffH's review comments


  Commit: b136ba2d483c6e5a7905b1ca8a3d9714a9dd5cef
      https://github.com/w3c/webauthn/commit/b136ba2d483c6e5a7905b1ca8a3d9714a9dd5cef
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-06-13 (Wed, 13 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Add @equalsJeffH's rewording


  Commit: fd73fa51b2f996ac58ab0ffddcb670ef3025088a
      https://github.com/w3c/webauthn/commit/fd73fa51b2f996ac58ab0ffddcb670ef3025088a
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-06-15 (Fri, 15 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Clarify difference between |x5c| and |aikCert| in TPM attstmt verification


  Commit: b7f7fb47ff082baf5977cbc60af2d1748b86860a
      https://github.com/w3c/webauthn/commit/b7f7fb47ff082baf5977cbc60af2d1748b86860a
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-06-15 (Fri, 15 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Clarify difference between |x5c| and |attestnCert| in Packed attstmt verification


  Commit: 7ef6a96e22c8e1b4a3773e0ac87e1a6174109257
      https://github.com/w3c/webauthn/commit/7ef6a96e22c8e1b4a3773e0ac87e1a6174109257
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-06-19 (Tue, 19 Jun 2018)

  Changed paths:
    M .travis.yml
    M README.md
    A docker/bikeshed/Dockerfile
    A docker/bikeshed/README.md
    M index.bs

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/master' into issue907


  Commit: 1678bbc8e6a6c63f06af909aad451fec8897d52b
      https://github.com/w3c/webauthn/commit/1678bbc8e6a6c63f06af909aad451fec8897d52b
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-06-19 (Tue, 19 Jun 2018)

  Changed paths:
    M .travis.yml
    M README.md
    A docker/bikeshed/Dockerfile
    A docker/bikeshed/README.md
    M index.bs

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/master' into issue575


  Commit: a68f1a9256a7d73a71e68cec7d45f280dc46f033
      https://github.com/w3c/webauthn/commit/a68f1a9256a7d73a71e68cec7d45f280dc46f033
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-06-19 (Tue, 19 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge pull request #914 from agl/issue907

Eliminate the “not-supported” option for tokenBinding.status


  Commit: 2d669ded704e8adffd6e1fe981bd46bbb40650ab
      https://github.com/w3c/webauthn/commit/2d669ded704e8adffd6e1fe981bd46bbb40650ab
  Author: Adam Langley <agl@imperialviolet.org>
  Date:   2018-06-19 (Tue, 19 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge pull request #904 from agl/issue575

Remove mention of a timeout for isUserVerifyingPlatformAuthenticatorAvailable


  Commit: 1e0471f6ca63ec4d20b2bbca107b0bc08ec91a4b
      https://github.com/w3c/webauthn/commit/1e0471f6ca63ec4d20b2bbca107b0bc08ec91a4b
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-06-20 (Wed, 20 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Delete hardline statement about trust requirement for UV

See discussion in
https://github.com/w3c/webauthn/pull/899#discussion_r195171633


  Commit: 48d6579f37e1ad5eb9ada299255c62a1151ce680
      https://github.com/w3c/webauthn/commit/48d6579f37e1ad5eb9ada299255c62a1151ce680
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-06-20 (Wed, 20 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Revert "Change "human being" to "natural person" and link to Wikipedia"

This reverts commit a510bbfaabec0b6c6e433cae6bae515fbe829137.


  Commit: 10b27b671d42b437f0ce1bc3050f43f85a28d1db
      https://github.com/w3c/webauthn/commit/10b27b671d42b437f0ce1bc3050f43f85a28d1db
  Author: Emil Lundberg <emil@emlun.se>
  Date:   2018-06-20 (Wed, 20 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Specify extension types in listing instead of prose (#941)

* Specify extension type in listing instead of prose

* Change listing heading from "Extension type" to "Operation applicability"

* Always capitalize Authentication in this context


  Commit: 2b5246585fe1703cf13775275dba575126edb99a
      https://github.com/w3c/webauthn/commit/2b5246585fe1703cf13775275dba575126edb99a
  Author: Emil Lundberg <emil@emlun.se>
  Date:   2018-06-21 (Thu, 21 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge pull request #899 from w3c/issue-743-de-anon-priv-cons

Document prevention of attacks on privacy


  Commit: b4e3fcc9b35584bc45fd83460c593620d25ae380
      https://github.com/w3c/webauthn/commit/b4e3fcc9b35584bc45fd83460c593620d25ae380
  Author: Emil Lundberg <emil@emlun.se>
  Date:   2018-06-25 (Mon, 25 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge pull request #952 from w3c/issue-950-tpm-verification-clarity

Improve clarity of |x5c| in packed and tpm attstmt verification procedures


  Commit: 3766649f894ef76d3a17ddc0def7220a7d2fb010
      https://github.com/w3c/webauthn/commit/3766649f894ef76d3a17ddc0def7220a7d2fb010
  Author: Emil Lundberg <emil@yubico.com>
  Date:   2018-06-26 (Tue, 26 Jun 2018)

  Changed paths:
    M index.bs

  Log Message:
  -----------
  Merge branch 'master' into authenticator-taxonomy


Compare: https://github.com/w3c/webauthn/compare/d26ecf4ac70d...3766649f894e
      **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

Received on Tuesday, 26 June 2018 18:38:27 UTC