- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Wed, 01 Mar 2017 19:13:18 +0000
- To: public-webauthn@w3.org
@AngeloKai wrote:

> Authenticators with cross-platform roaming capability may or may not store key materials within the authenticator boundary

what you mean by "key materials" is actually the [credential private key](https://w3c.github.io/webauthn/#credential-private-key), yes?

> If an authenticator doesn't store key material, the RP needs to do additional actions of storing keys.

The implicit assumption in the spec has been that such authenticators (authnrs) would simply use their wrapped private keys as the credential ID they return to the RP. This is how most (all?) U2F authenticators work today, yes?

from the U2F Raw Messages spec:

> A key handle ... This a handle that allows the U2F token to identify the generated key pair. U2F tokens MAY wrap the generated private key and the application id it was generated for, and output that as the key handle.

The RP always needs to retain the Credential ID returned by makeCredential() and so it is transparent to the RP whether or not it is storing the credential private key.

This is another candidate item to spell out more clearly in the spec in an "implementation considerations" section.

--
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/367#issuecomment-283439079 using your GitHub account
Received on Wednesday, 1 March 2017 19:13:26 UTC
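The "wrapped private key as credential ID" design discussed in the message above, as an added worked example in Go. This is not code from the WebAuthn spec, the U2F spec or any authenticator vendor; it assumes an authenticator that holds a single device-wide AES-256-GCM wrapping key, P-256 credential keys, the RP ID bound as associated data (the U2F quote binds the application id), and constructed challenge values. The point it demonstrates is the one JeffH makes: the RP stores only the credential ID and public key, and cannot tell that the credential ID is in fact the wrapped private key. It also shows the two failure modes a defender cares about: a credential ID presented to the wrong RP, or to a different device, is rejected by the AEAD check before any key material is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Authenticator models a stateless roaming authenticator: it keeps only one
// device-wide wrapping key and never stores per-RP private keys.
type Authenticator struct {
	wrapKey []byte // 32-byte AES-256 key; never leaves the device (assumed design)
}

// NewAuthenticator provisions a fresh device wrapping key.
func NewAuthenticator() (*Authenticator, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return &Authenticator{wrapKey: k}, nil
}

func (a *Authenticator) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(a.wrapKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeCredential generates a P-256 key pair for rpID, wraps the private key
// under the device key with rpID as associated data, and returns the wrapped
// blob as the credential ID together with the public key for the RP to keep.
func (a *Authenticator) MakeCredential(rpID string) ([]byte, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := a.aead()
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// credentialID = nonce || AES-GCM(wrapKey, nonce, privateKeyDER, aad = rpID)
	credentialID := append(nonce, gcm.Seal(nil, nonce, der, []byte(rpID))...)
	return credentialID, &priv.PublicKey, nil
}

// unwrap recovers the private key from a credential ID. It fails if the blob
// was not produced by this device, was made for another rpID, or was altered.
func (a *Authenticator) unwrap(rpID string, credentialID []byte) (*ecdsa.PrivateKey, error) {
	gcm, err := a.aead()
	if err != nil {
		return nil, err
	}
	if len(credentialID) < gcm.NonceSize() {
		return nil, errors.New("credential ID too short")
	}
	nonce, ct := credentialID[:gcm.NonceSize()], credentialID[gcm.NonceSize():]
	der, err := gcm.Open(nil, nonce, ct, []byte(rpID))
	if err != nil {
		return nil, errors.New("credential ID not recognised for this device and RP")
	}
	return x509.ParseECPrivateKey(der)
}

// GetAssertion unwraps the key and signs SHA-256(challenge) with it.
func (a *Authenticator) GetAssertion(rpID string, credentialID, challenge []byte) ([]byte, error) {
	priv, err := a.unwrap(rpID, credentialID)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyAssertion is the RP side: it holds only the credential ID and public key.
func VerifyAssertion(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	digest := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	authnr, _ := NewAuthenticator()
	credID, pub, _ := authnr.MakeCredential("example.com") // constructed RP ID
	challenge := []byte("constructed-challenge-1")
	sig, _ := authnr.GetAssertion("example.com", credID, challenge)
	fmt.Println("assertion verifies:", VerifyAssertion(pub, challenge, sig))
	_, err := authnr.GetAssertion("other.example", credID, challenge)
	fmt.Println("wrong RP rejected:", err != nil)
}
```

From the RP's side the flow is identical to one where the authenticator stored the key internally and handed back a random identifier, which is the transparency JeffH points out; the only observable difference is that credential IDs produced this way are longer than a bare random handle.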