W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2016

[webauthn] Issue: clarify conveyance of attested public key marked as stat:Discuss

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Thu, 12 May 2016 13:17:30 +0000
To: public-webauthn@w3.org
Message-ID: <issues.labeled-154479705-None-sysbot+gh@w3.org>
equalsJeffH has just labeled an issue for 
https://github.com/w3c/webauthn as "stat:Discuss":

== clarify conveyance of attested public key ==
the makeCredential() promise returns a ScopedCredentialInfo..
```
interface ScopedCredentialInfo {
    readonly attribute Credential           credential;
    readonly attribute any                  publicKey;
    readonly attribute WebAuthnAttestation  attestation;
};
```
..wherein the publicKey attribute is intended to convey the "attested 
public key", which is the user's newly-generated public key to be 
registered with the webauthn relying party (WRP).

However, in the "Packed Attestation (type="packed")" section, there's 
this this text..
```
The rawData object contains the attested public key and the 
clientDataHash. See ยง4.3.2.1.1 Attestation rawData for details.
```
..which is clearly saying the attested public key is being conveyed in
 the rawData object. 

Perhaps a hash of the attested public key ought to be conveyed in the 
rawData object, and it be made clear that the plaintext attested 
public key be conveyed in ScopedCredentials.publicKey.

also note that our terminology for the so-called attested public key 
needs to be normailzed, see #79 .


See https://github.com/w3c/webauthn/issues/94
Received on Thursday, 12 May 2016 13:17:40 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:18 UTC