W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2016

Re: [webauthn] Spec should not mandate behavior of server

From: Adam Powers via GitHub <sysbot+gh@w3.org>
Date: Tue, 10 May 2016 15:09:01 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-218187905-1462892940-sysbot+gh@w3.org>
For relevant points, see:
* [Section 4.3.1](http://w3c.github.io/webauthn/#attestation-models): 
Compliant servers MUST support all attestation models. Authenticators 
can choose what attestation model to implement.
* [Section](http://w3c.github.io/webauthn/#packed-attestation-signature):
 The signature is computed over the rawData field. The following 
algorithms must be implemented by servers:
* [Section 6.5](http://w3c.github.io/webauthn/#uvi-extension): Servers
 supporting UVI extensions MUST support a length of up to 32 bytes for
 the UVI value.
* [Section 
 Upon receiving an attestation statement, the WebAuthn Relying Party 

Like attestation statements and signature formats, this sort of 
information is useful to those that are trying to use the APIs. 
Suggesting broad adoption of some set of crypto / attestation formats 
is important to make sure implementations are broadly interoperable. 
Also, Section 4.3.3 is generally important to make sure that a server 
is doing its appropriate security diligence.

GitHub Notification of comment by apowers313
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/88#issuecomment-218187905 using
 your GitHub account
Received on Tuesday, 10 May 2016 15:09:03 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:20 UTC