- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Mon, 17 Oct 2016 18:20:52 +0000
- To: public-webauthn@w3.org
@vijaybh wrote: > Attestation data is not optional that's what I thought, tho the "(if present)" notation in the table in {#sec-authenticator-data} had me wondering. > it is never present on getAssertion, and always present on makeCredential that's something we need to clarify. > So you are right, the public key is in two places. Options: > - Add something to the verification procedure for attestation to say that the two must be verified to match. > - Remove the public key from the ScopedCredentialInfo. > Your thoughts? The latter seems simpler. Agreed, the latter, also in order to reduce conveyed octets. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/94#issuecomment-254289830 using your GitHub account
Received on Monday, 17 October 2016 18:21:00 UTC