- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 12 Sep 2018 16:08:20 +0000
- To: public-webauthn@w3.org
Moxie's post is about the dangers of mixing secrets with unauthenticated data. Since the RP is verifying public-key operations, it doesn't apply here. None the less, if we assume that some RPs might miss some of the enumerated checks, having “check the signature” be step 16 of 17 might be a little dangerous. So I wouldn't object to prioritising it if someone wanted to make the PR. -- GitHub Notification of comment by agl Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1064#issuecomment-420705800 using your GitHub account
Received on Wednesday, 12 September 2018 16:08:21 UTC