it still looks to me that we are conveying the newly-generated, attested, user authentication (uauth) public key in two places in `ScopedCredentialInfo`: * in `ScopedCredentialInfo.publicKey` * also in `ScopedCredentialInfo.attestation.authenticatorData."Attestation data"."public key"` ..in the case of packed attestation format, at least. `ScopedCredentialInfo.publicKey` is mentioned only in section `{#iface-credentialInfo}` where it is defined. section `{#sec-authenticator-data}` notes that `Attestation data` is optional via the "(if present)" qualification. Is the purpose of`ScopedCredentialInfo.publicKey` to convey an *unattested* uauth public key? If so, it is not discussed AFAICT. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/94#issuecomment-253997352 using your GitHub accountReceived on Saturday, 15 October 2016 17:12:36 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC