[webauthn] "Authenticator extension processing" is likely wrong from Alexei Czeskis via GitHub on 2017-09-08 (public-webauthn@w3.org from September 2017)

From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
Date: Fri, 08 Sep 2017 17:20:32 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-256319265-1504891223-sysbot+gh@w3.org>

leshi has just created a new issue for https://github.com/w3c/webauthn:

== "Authenticator extension processing" is likely wrong ==
The description says:

> As specified in §5.1 Authenticator data, the CBOR authenticator extension **input** value of each processed authenticator extension is included in the extensions data part of the authenticator data. This part is a CBOR map, with CBOR extension identifier values as keys, and the CBOR authenticator extension **input** value of each extension as the value.

I believe that's incorrect.  Specifically, it talks about putting the authenticator extension **input** in the authenticator data, but I think it means the authenticator extension **output**.

Other evidence of this theory is the the contradictory statement in section 5.1 (Authenticator Data), which states that the extension field "is a CBOR [RFC7049] map with extension identifiers as keys, and authenticator extension **outputs** as values. See §8 WebAuthn Extensions for details."

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/548 using your GitHub account

Received on Friday, 8 September 2017 17:20:27 UTC