RE: [webauthn] Security: Signature format doesn't cover whole context

Yes, it does. Thank you.

-----Original Message-----
From: Vijay Bharadwaj via GitHub [mailto:sysbot+gh@w3.org] 
Sent: Friday, 15 July 2016 19:57
To: public-webauthn@w3.org
Subject: Re: [webauthn] Security: Signature format doesn't cover whole context

@rlin1 - In my latest commit 2b671cdfbbe7b0c79d0fc0e1386c168650618904 I've added the RP ID to the ClientData as well, so the RP can verify it both at registration and at authentication time. Does this address your concern?

The problem with letting the RP figure it out from the facet is that then the client and RP must agree on the exact algorithm for turning facets into RP IDs. While this algorithm is fixed now, it may change in some small way later. Also I like having the signatures self-contained so you don't have to go look up a PSL to validate the signature.

--
GitHub Notification of comment by vijaybh
Please view or discuss this issue at
https://github.com/w3c/webauthn/issues/107#issuecomment-233022516
using your GitHub account

Received on Friday, 15 July 2016 18:02:34 UTC
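
The check discussed in the message above, as an added example that is not part of the original thread or of the WebAuthn specification: an RP-side validation that compares the RP ID carried in the signed ClientData against the RP's own configured value, with no facet-to-RP-ID derivation or PSL lookup. The field names `challenge`, `rpId` and `facet`, the JSON encoding, and SHA-256 as the hash are assumptions made for illustration; the sample data is constructed.

```python
import hashlib
import hmac
import json


class ClientDataError(ValueError):
    """The client data does not match what the RP expects."""


def check_client_data(client_data_json: bytes,
                      expected_challenge: str,
                      expected_rp_id: str) -> bytes:
    """Validate the ClientData fields and return its SHA-256 digest.

    The caller still has to verify the authenticator's signature over data
    that includes this digest; that step is outside this example.
    """
    try:
        data = json.loads(client_data_json.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ClientDataError("client data is not valid UTF-8 JSON") from exc
    if not isinstance(data, dict):
        raise ClientDataError("client data is not a JSON object")

    # Field names are assumed; reject anything missing or of the wrong type.
    for field in ("challenge", "rpId"):
        if not isinstance(data.get(field), str):
            raise ClientDataError(f"missing or non-string field: {field}")

    # The challenge is a per-request secret-like value: compare in constant time.
    if not hmac.compare_digest(data["challenge"].encode(),
                               expected_challenge.encode()):
        raise ClientDataError("challenge mismatch")

    # Direct comparison with the RP's configured ID. The facet is never
    # converted to an RP ID here, so no public suffix list is consulted.
    if data["rpId"] != expected_rp_id:
        raise ClientDataError("rpId mismatch")

    # Hash the exact bytes received, not a re-serialization of the parsed JSON.
    return hashlib.sha256(client_data_json).digest()


# Constructed sample input (not taken from the thread or the specification).
SAMPLE = json.dumps({
    "challenge": "c2FtcGxlLWNoYWxsZW5nZQ",
    "rpId": "example.com",
    "facet": "https://login.example.com",
}).encode("utf-8")
```

The same function applies at registration and at authentication time, since the RP ID is present in the ClientData in both cases.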