- From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
- Date: Mon, 17 Oct 2016 15:35:30 +0000
- To: public-webauthn@w3.org
Attestation data is not optional - it is never present on getAssertion, and always present on makeCredential. So you are right, the public key is in two places. Options: - Add something to the verification procedure for attestation to say that the two must be verified to match. - Remove the public key from the ScopedCredentialInfo. Your thoughts? The latter seems simpler. -- GitHub Notification of comment by vijaybh Please view or discuss this issue at https://github.com/w3c/webauthn/issues/94#issuecomment-254243642 using your GitHub account
Received on Monday, 17 October 2016 15:35:40 UTC