W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2016

Re: [webauthn] clarify conveyance of attested public key

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Sat, 15 Oct 2016 17:12:29 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-253997352-1476551547-sysbot+gh@w3.org>
it still looks to me that we are conveying the newly-generated, 
attested, user authentication (uauth) public key in two places in 
`ScopedCredentialInfo`:
* in `ScopedCredentialInfo.publicKey`
* also in 
`ScopedCredentialInfo.attestation.authenticatorData."Attestation 
data"."public key"`
..in the case of packed attestation format, at least. 

`ScopedCredentialInfo.publicKey` is mentioned only in section 
`{#iface-credentialInfo}` where it is defined.   

section `{#sec-authenticator-data}` notes that `Attestation data` is 
optional via the "(if present)" qualification.  

Is the purpose of`ScopedCredentialInfo.publicKey` to convey an 
*unattested* uauth public key? If so, it is not discussed AFAICT. 

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/94#issuecomment-253997352 using
 your GitHub account
Received on Saturday, 15 October 2016 17:12:36 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC