Re: [webauthn] Security: Signature format doesn't cover whole context from Rolf Lindemann via GitHub on 2016-07-15 (public-webauthn@w3.org from July 2016)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Fri, 15 Jul 2016 17:19:27 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-233012827-1468603165-sysbot+gh@w3.org>

>At **registration time** and with assertions, Bank.com would realize 
that the external authenticator saw some RPID other than Bank.com.
In this case we should add this hash(RPID) also to the packed 
attestation - same location.

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/107#issuecomment-233012827 
using your GitHub account

Received on Friday, 15 July 2016 17:19:34 UTC