W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2016

Re: [webauthn] remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently

From: bifurcation via GitHub <sysbot+gh@w3.org>
Date: Fri, 04 Nov 2016 11:37:17 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-258409900-1478259433-sysbot+gh@w3.org>
This PR removes important functionality.  Right now, it is possible 
for a RP to use this API without any knowledge of attestation formats 
(as long as it's willing to believe the browser that the key is good 
enough).  With this PR, the RP can now only interoperate with an 
authenticator if it understand the attestation format produced by that
 authenticator, and it has to have code to process all the attestation
 formats on its critical path, before it can even look at the public 
key.  Those seem like pretty serious constraints on interoperability 
and usability, so I'm inclined to close this PR. 

GitHub Notification of comment by bifurcation
Please view or discuss this issue at 
https://github.com/w3c/webauthn/pull/235#issuecomment-258409900 using 
your GitHub account
Received on Friday, 4 November 2016 11:37:23 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC