W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2017

Re: [webauthn] various issues with AppId extension

From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Dec 2017 20:16:26 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-349427582-1512504985-sysbot+gh@w3.org>
`rpId` cannot be replaced by `appId` because the RP could have provided several credentials in the allowList -- some that were registered using the legacy u2f APIs (and hence need the appid extension to override their `rpId`) and some that were registered using webauthn API (and hence need to keep their `rpId`).  This needs to be fixed.

Regarding "causing confusing with future extensions", I think that's a future problem.  Future extensions can cause problems with *any* part of the spec (not just `rpId` processing) since extensions have no limits as to what they can do.  In any case, let's not worry about future extensions here. 

GitHub Notification of comment by leshi
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/491#issuecomment-349427582 using your GitHub account
Received on Tuesday, 5 December 2017 20:16:28 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:30 UTC