Re: [webauthn] remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently

Hi Rolf, thx for the review. 

@rlin1 wrote:
>  With this PR, the RP can now only interoperate with an 
authenticator if it understand the attestation format produced by that

actually, that is no longer the case since PR #161 "make attestation 
more modular" which added this section..

This section specifies the algorithm for generating an attestation 
statement, independent
of <a>attestation format</a>.
..and which specifies (via the table therein) a common format for 
conveying AAGUID and CredID and pubkey alg & encoding and attested 
public key, across all attstn formats. 

Thus  an RP may still, if it accepts the risk, simply pluck the 
attested public key from the attestation statement without 
understanding the various attstn formats (which remains necessary if 
the RP wishes to verify the attstn signature).

Additionally, this PR normalizes terminology, which we would want/need
 to do in any case. 

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at using 
your GitHub account

Received on Friday, 4 November 2016 20:33:14 UTC