[webauthn] Simplifying attestation, take two

vijaybh has just created a new issue for 

== Simplifying attestation, take two ==
Some colleagues and I have spent a fair bit of time with attestation 
recently, and in thinking through implementation issues it became 
apparent that a browser implementation has to do significant parsing 
of the attestation data returned from the authenticator even though 
the client really should not care about the contents of this.

Strawman suggestion that we came up with:
- Reduce WebAuthnAttestation to { ArrayBuffer clientData; ArrayBuffer 
attestation; }
- Have attestation be a CBOR map containing
    - Format
    - authenticatorData
    - format-specific content (different for packed vs. TPM and so on)
- Perhaps this will become obsolete if we implement the above, but any
 place we insert the algorithm of the attestation signature, we could 
remove that field for the case of self attestation

The above CBOR map would not be parsed at all on the client, only at 
the server. This might also simplify the IDL a little bit.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/244 using your GitHub account

Received on Wednesday, 2 November 2016 16:29:31 UTC