Re: [webauthn] various issues with AppId extension from Alexei Czeskis via GitHub on 2017-12-05 (public-webauthn@w3.org from December 2017)

From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Dec 2017 20:16:26 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-349427582-1512504985-sysbot+gh@w3.org>

`rpId` cannot be replaced by `appId` because the RP could have provided several credentials in the allowList -- some that were registered using the legacy u2f APIs (and hence need the appid extension to override their `rpId`) and some that were registered using webauthn API (and hence need to keep their `rpId`).  This needs to be fixed.

Regarding "causing confusing with future extensions", I think that's a future problem.  Future extensions can cause problems with *any* part of the spec (not just `rpId` processing) since extensions have no limits as to what they can do.  In any case, let's not worry about future extensions here. 

-- 
GitHub Notification of comment by leshi
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/491#issuecomment-349427582 using your GitHub account

Received on Tuesday, 5 December 2017 20:16:28 UTC