W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2017

Re: [webauthn] Credential ID not signed

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Thu, 02 Mar 2017 01:02:04 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-283522745-1488416522-sysbot+gh@w3.org>
the spec has evolved such that the Credential ID is part of the 
attestation data (regardless of attestation format) within the 
authenticator data, which is signed over.  see 'figure 2' and [figure 
3](https://w3c.github.io/webauthn/#fig-attStructs).  closing this 
issue. 

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/206#issuecomment-283522745 
using your GitHub account
Received on Thursday, 2 March 2017 01:02:16 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:24 UTC