- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Fri, 04 Nov 2016 20:33:08 +0000
- To: public-webauthn@w3.org
Hi Rolf, thx for the review.
@rlin1 wrote:
> With this PR, the RP can now only interoperate with an
> authenticator if it understands the attestation format produced by that
> authenticator
actually, that is no longer the case since PR #161 "make attestation
more modular" which added this section..
```
{#generating-an-attestation-statement}
This section specifies the algorithm for generating an attestation
statement, independent
of <a>attestation format</a>.
```
..and which specifies (via the table therein) a common format for
conveying AAGUID and CredID and pubkey alg & encoding and attested
public key, across all attstn formats.
Thus an RP may still, if it accepts the risk, simply pluck the
attested public key from the attestation statement without
understanding the various attstn formats (which remains necessary if
the RP wishes to verify the attstn signature).
Additionally, this PR normalizes terminology, which we would want/need
to do in any case.
--
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at
https://github.com/w3c/webauthn/pull/235#issuecomment-258540194 using
your GitHub account
Received on Friday, 4 November 2016 20:33:14 UTC