the spec has evolved such that the Credential ID is part of the attestation data (regardless of attestation format) within the authenticator data, which is signed over. see 'figure 2' and [figure 3](https://w3c.github.io/webauthn/#fig-attStructs). closing this issue. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/206#issuecomment-283522745 using your GitHub accountReceived on Thursday, 2 March 2017 01:02:16 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:24 UTC