W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Consider allowing authenticators to randomise signed hashes.

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Sun, 03 Sep 2017 21:31:06 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-326832479-1504474255-sysbot+gh@w3.org>
> We should close the issue asap to avoid distraction since the ask here is to re-do hardware interface design 

Isn't webauthn the source of things like section 9.3 (Generic Transaction Authorization Extension), and 9.7 (Location Extension)? If these sections are echoing things defined elsewhere then I have misunderstood the relation between the specs. But if webauthn is defining things that can be signed then saying "there should be something arbitrary so that tokens can randomise inputs" is related.

Although I do agree that if the specific idea of describing the signature counter as arbitrary is rejected (as it appears from #539 ) then this gets more complex, probably involves an extension and can be worried about in the future.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/453#issuecomment-326832479 using your GitHub account
Received on Sunday, 3 September 2017 21:31:06 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC