Re: [webauthn] FIDO U2F Attestation Statement Format needs to clarify that user handle will be empty

I think it would be better to add more description regarding this at step 1 of ยง7.2 Verifying an authentication assertion. We need to provide detailed procedures for the RP server to look up credential public key with credential id and user handle. 
We need to mention the fact that the RP server should look up credential public keys with user id before sending an challenge and then select one from the keys after getting an assertion with credential Id in case of 2nd factor use cases.

GitHub Notification of comment by Kieun
Please view or discuss this issue at using your GitHub account

Received on Tuesday, 12 December 2017 16:15:30 UTC