Re: [webauthn] clarify conveyance of attested public key

It still looks to me that we are conveying the newly-generated, 
attested, user authentication (uauth) public key in two places in 
`ScopedCredentialInfo`:
* in `ScopedCredentialInfo.publicKey`
* also in `ScopedCredentialInfo.attestation.authenticatorData."Attestation data"."public key"`

...in the case of packed attestation format, at least.

`ScopedCredentialInfo.publicKey` is mentioned only in section 
`{#iface-credentialInfo}` where it is defined.   

Section `{#sec-authenticator-data}` notes that `Attestation data` is 
optional via the "(if present)" qualification.  

Is the purpose of `ScopedCredentialInfo.publicKey` to convey an 
*unattested* uauth public key? If so, it is not discussed AFAICT. 

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/94#issuecomment-253997352 using
your GitHub account

Received on Saturday, 15 October 2016 17:12:36 UTC