Re: [webauthn] Security: Signature format doesn't cover whole context

@rlin1 - In my latest commit 2b671cdfbbe7b0c79d0fc0e1386c168650618904 
I've added the RP ID to the ClientData as well, so the RP can verify 
it both at registration and at authentication time. Does this address 
your concern?

The problem with letting the RP figure it out from the facet is that 
then the client and RP must agree on the exact algorithm for turning 
facets into RP IDs. While this algorithm is fixed now, it may change 
in some small way later. Also, I like having the signatures 
self-contained so you don't have to go look up a PSL to validate the 
signature.

-- 
GitHub Notification of comment by vijaybh
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/107#issuecomment-233022516 
using your GitHub account

Received on Friday, 15 July 2016 17:57:02 UTC