W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2016

[webauthn] Simplifying attestation, take two

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Nov 2016 16:29:25 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-186851402-1478104163-sysbot+gh@w3.org>
vijaybh has just created a new issue for 

== Simplifying attestation, take two ==
Some colleagues and I have spent a fair bit of time with attestation 
recently, and in thinking through implementation issues it became 
apparent that a browser implementation has to do significant parsing 
of the attestation data returned from the authenticator even though 
the client really should not care about the contents of this.

Strawman suggestion that we came up with:
- Reduce WebAuthnAttestation to { ArrayBuffer clientData; ArrayBuffer 
attestation; }
- Have attestation be a CBOR map containing
    - Format
    - authenticatorData
    - format-specific content (different for packed vs. TPM and so on)
- Perhaps this will become obsolete if we implement the above, but any
 place we insert the algorithm of the attestation signature, we could 
remove that field for the case of self attestation

The above CBOR map would not be parsed at all on the client, only at 
the server. This might also simplify the IDL a little bit.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/244 using your GitHub account
Received on Wednesday, 2 November 2016 16:29:31 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC