- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Mon, 17 Oct 2016 18:20:52 +0000
- To: public-webauthn@w3.org
@vijaybh wrote:
> Attestation data is not optional
that's what I thought, tho the "(if present)" notation in the table in
{#sec-authenticator-data} had me wondering.
> it is never present on getAssertion, and always present on
makeCredential
that's something we need to clarify.
> So you are right, the public key is in two places. Options:
> - Add something to the verification procedure for attestation to say
that the two must be verified to match.
> - Remove the public key from the ScopedCredentialInfo.
> Your thoughts? The latter seems simpler.
Agreed, the latter, also in order to reduce conveyed octets.
--
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at
https://github.com/w3c/webauthn/issues/94#issuecomment-254289830 using
your GitHub account
Received on Monday, 17 October 2016 18:21:00 UTC