- From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
- Date: Wed, 27 Jul 2016 05:55:54 +0000
- To: public-webauthn@w3.org
vijaybh has just created a new issue for https://github.com/w3c/webauthn: == Problem with authn selection extension == The current text says: If an authenticator was selected from AuthenticatorSelectionList, its AAGUID MUST be added by the client to the ClientData as the client data value for this extension. However this creates a chicken-and-egg problem. The client may send out a request to a number of authenticators. It needs to include the AAGUID of the authenticator that finally responds in its clientData. But by the time the client knows the AAGUID, the clientData has already been sent to the authenticator and signed over. One way (the simplest way?) to address this is to simply remove this requirement for adding anything to the clientData, since the AAGUID of the selected authenticator will be in the attestation anyways. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/152 using your GitHub account
Received on Wednesday, 27 July 2016 05:56:10 UTC