W3C home > Mailing lists > Public > public-webauthn@w3.org > October 2016

Re: [webauthn] clarify conveyance of attested public key

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Mon, 17 Oct 2016 18:20:52 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-254289830-1476728450-sysbot+gh@w3.org>
@vijaybh wrote:
> Attestation data is not optional

that's what I thought, tho the "(if present)" notation in the table in
 {#sec-authenticator-data} had me wondering.

> it is never present on getAssertion, and always present on 
makeCredential

that's something we need to clarify.

> So you are right, the public key is in two places. Options:
> - Add something to the verification procedure for attestation to say
 that the two must be verified to match.
> - Remove the public key from the ScopedCredentialInfo.
> Your thoughts? The latter seems simpler.

Agreed, the latter, also in order to reduce conveyed octets. 


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/94#issuecomment-254289830 using
 your GitHub account
Received on Monday, 17 October 2016 18:21:00 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC