W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2016

[webauthn] Problem with authn selection extension

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 Jul 2016 05:55:54 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-167777005-1469598953-sysbot+gh@w3.org>
vijaybh has just created a new issue for 
https://github.com/w3c/webauthn:

== Problem with authn selection extension ==
The current text says:

If an authenticator was selected from AuthenticatorSelectionList, its 
AAGUID MUST be added by the client to the ClientData as the client 
data value for this extension.

However this creates a chicken-and-egg problem. The client may send 
out a request to a number of authenticators. It needs to include the 
AAGUID of the authenticator that finally responds in its clientData. 
But by the time the client knows the AAGUID, the clientData has 
already been sent to the authenticator and signed over.

One way (the simplest way?) to address this is to simply remove this 
requirement for adding anything to the clientData, since the AAGUID of
 the selected authenticator will be in the attestation anyways.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/152 using your GitHub account
Received on Wednesday, 27 July 2016 05:56:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:23 UTC