Re: [webauthn] Credential ID not signed

the spec has evolved such that the Credential ID is part of the 
attestation data (regardless of attestation format) within the 
authenticator data, which is signed over.  see 'figure 2' and [figure 
3](  closing this 

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at 
using your GitHub account

Received on Thursday, 2 March 2017 01:02:16 UTC