- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Thu, 12 May 2016 13:17:30 +0000
- To: public-webauthn@w3.org
equalsJeffH has just labeled an issue for
https://github.com/w3c/webauthn as "stat:Discuss":
== clarify conveyance of attested public key ==
the makeCredential() promise returns a ScopedCredentialInfo..
```
interface ScopedCredentialInfo {
readonly attribute Credential credential;
readonly attribute any publicKey;
readonly attribute WebAuthnAttestation attestation;
};
```
..wherein the publicKey attribute is intended to convey the "attested
public key", which is the user's newly-generated public key to be
registered with the webauthn relying party (WRP).
However, in the "Packed Attestation (type="packed")" section, there's
this this text..
```
The rawData object contains the attested public key and the
clientDataHash. See ยง4.3.2.1.1 Attestation rawData for details.
```
..which is clearly saying the attested public key is being conveyed in
the rawData object.
Perhaps a hash of the attested public key ought to be conveyed in the
rawData object, and it be made clear that the plaintext attested
public key be conveyed in ScopedCredentials.publicKey.
also note that our terminology for the so-called attested public key
needs to be normailzed, see #79 .
See https://github.com/w3c/webauthn/issues/94
Received on Thursday, 12 May 2016 13:17:40 UTC