W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

[webauthn] "Authenticator extension processing" is likely wrong

From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
Date: Fri, 08 Sep 2017 17:20:32 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-256319265-1504891223-sysbot+gh@w3.org>
leshi has just created a new issue for https://github.com/w3c/webauthn:

== "Authenticator extension processing" is likely wrong ==
The description says:

> As specified in §5.1 Authenticator data, the CBOR authenticator extension **input** value of each processed authenticator extension is included in the extensions data part of the authenticator data. This part is a CBOR map, with CBOR extension identifier values as keys, and the CBOR authenticator extension **input** value of each extension as the value.

I believe that's incorrect.  Specifically, it talks about putting the authenticator extension **input** in the authenticator data, but I think it means the authenticator extension **output**.

Other evidence of this theory is the the contradictory statement in section 5.1 (Authenticator Data), which states that the extension field "is a CBOR [RFC7049] map with extension identifiers as keys, and authenticator extension **outputs** as values. See §8 WebAuthn Extensions for details."

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/548 using your GitHub account
Received on Friday, 8 September 2017 17:20:27 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC