
Re: [webauthn] Make attestation more modular

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Wed, 14 Sep 2016 09:53:16 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-246962772-1473846794-sysbot+gh@w3.org>

Regarding Step 6 in Verifying an Attestation Statement:
If the authenticatorData in the attestation statement is controlled by
the calling App, it doesn't make sense (from a security perspective)
to verify the rpId hash included in authenticatorData to the one in
In this case, the rpId would have to be included in the statement
(i.e. level1Data).

GitHub Notification of comment by rlin1
Please view or discuss this issue at 
https://github.com/w3c/webauthn/pull/161#issuecomment-246962772 using 
your GitHub account
Received on Wednesday, 14 September 2016 09:53:24 UTC
