- From: Christiaan Brand <cbrand@google.com>
- Date: Wed, 1 Nov 2017 11:49:48 -0700
- To: Emil Lundberg <emil@yubico.com>
- Cc: W3C Web Authn WG <public-webauthn@w3.org>
Received on Wednesday, 1 November 2017 18:50:11 UTC
Yes, you are correct. On Wed, Nov 1, 2017 at 11:37 AM, Emil Lundberg <emil@yubico.com> wrote: > I think request (4) is already technically satisfied: The client can add > properties to the client data JSON before hashing it and sending it to the > authenticator. The result sent to the RP contains the client data JSON that > was signed over, and the RP is instructed only to verify some of the > contents of the client data object. > > On Wed, Nov 1, 2017 at 5:23 PM Christiaan Brand <cbrand@google.com> wrote: > >> Hi folks, >> >> Please see attached a proposal from Google regarding the "Privacy CA" >> model that Chrome will be adopting. The idea is to open this up for >> discussion (maybe on the call today, but definitely at TPAC next week). >> >> Please note that this document is a WIP, but I wanted to make sure we >> give everyone an early glimpse into our thinking so we could refine the >> proposal as we go along while making sure we have the necessary plumbing in >> WebAuthN to support this model. >> >> I'll also be cross-posting this to the FIDO2 TWG. >> >> Regards, >> Christiaan >> > -- > > Emil Lundberg > > Software Developer | Yubico <http://www.yubico.com/> > > >
Received on Wednesday, 1 November 2017 18:50:11 UTC