W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2016

Re: [webauthn] clarify conveyance of attested public key

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Mon, 17 Oct 2016 15:35:30 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-254243642-1476718528-sysbot+gh@w3.org>
Attestation data is not optional - it is never present on 
getAssertion, and always present on makeCredential. So you are right, 
the public key is in two places. Options:
- Add something to the verification procedure for attestation to say 
that the two must be verified to match.
- Remove the public key from the ScopedCredentialInfo.
Your thoughts? The latter seems simpler.

-- 
GitHub Notification of comment by vijaybh
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/94#issuecomment-254243642 using
 your GitHub account
Received on Monday, 17 October 2016 15:35:40 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC