Re: [webauthn] new commits pushed by leshi from Alexei Czeskis on 2017-09-13 (public-webauthn@w3.org from September 2017)

From: Alexei Czeskis <aczeskis@google.com>
Date: Wed, 13 Sep 2017 14:26:45 -0700
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Alexei Czeskis via GitHub <sysbot+gh@w3.org>, "public-webauthn@w3.org" <public-webauthn@w3.org>
Message-ID: <CAM_SUqfy6Uq3CnnCimwt9BiR6a=DMXuDi7p-JjHpGhr3rJ2mrQ@mail.gmail.com>
Hey Mike!

While I can see the concern with inconsistencies, I don't think that that
parameters such as "aa", "rk", "uv" are great in the web API.  The
browser/client/platform will need to read and interpret these values before
it translates them into on-the-wire requests to authenticators.  It can
re-encode them at that point as "rk" and "uv".



Thanks!
-Alexei

*____**_**__**_**_**_**_**_**_**_**_**_*

            . Alexei Czeskis .:. Securineer .

On Wed, Sep 13, 2017 at 1:48 PM, Mike Jones <Michael.Jones@microsoft.com>
wrote:

> I just got onto a real computer and checked. These option names **are**
> passed as strings to authenticators. That’s why we choose the short names –
> with longer descriptive names in the text.
>
>
>
> See line 306 of fido-client-to-aurhenticator-protocol.html (master as of
> 10am yesterday) to see where the string “rk” is used as a parameter.  “uv”
> is in line 312.
>
>
>
> Again, please revert these name changes, as they introduce unnecessary
> inconsistencies and were apparently accepted on the false premise that the
> string values are not used in the protocol. They are used in the protocol.
>
>
>
> – Mike
>
>
>
> *From: *Mike Jones <Michael.Jones@microsoft.com>
> *Sent: *Wednesday, September 13, 2017 1:28 PM
> *To: *Alexei Czeskis <aczeskis@google.com>
> *Cc: *Alexei Czeskis via GitHub <sysbot+gh@w3.org>; public-webauthn@w3.org
> *Subject: *RE: [webauthn] new commits pushed by leshi
>
>
>
> I’m referring to using the new different long names in WebAuthn and the
> existing short names in CTAP when they refer to the same things.
>
>
>
> *From: *Alexei Czeskis <aczeskis@google.com>
> *Sent: *Wednesday, September 13, 2017 1:25 PM
> *To: *Mike Jones <Michael.Jones@microsoft.com>
> *Cc: *Alexei Czeskis via GitHub <sysbot+gh@w3.org>; public-webauthn@w3.org
> *Subject: *Re: [webauthn] new commits pushed by leshi
>
>
> Yes, the PRs were reviewed in today's call.
>
> > using different names for the same things in different places is a big
> step in the wrong direction.
> Not sure what you're referring to here.  Commits vs PRs?
>
>
> Thanks!
> -Alexei
>
> *____**_**__**_**_**_**_**_**_**_**_**_*
>
>             . Alexei Czeskis .:. Securineer .
>
> On Wed, Sep 13, 2017 at 1:21 PM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:
>
>> Were the PRs reviewed on today’s call? I still think that using different
>> names for the same things in different places is a big step in the wrong
>> direction.
>>
>>
>>
>> *From: *Alexei Czeskis <aczeskis@google.com>
>> *Sent: *Wednesday, September 13, 2017 1:18 PM
>> *To: *Mike Jones <Michael.Jones@microsoft.com>
>> *Cc: *Alexei Czeskis via GitHub <sysbot+gh@w3.org>;
>> public-webauthn@w3.org
>> *Subject: *Re: [webauthn] new commits pushed by leshi
>>
>>
>> These were all merged into master as part of PRs, not directly.
>>
>>
>> Thanks!
>> -Alexei
>>
>> *____**_**__**_**_**_**_**_**_**_**_**_*
>>
>>             . Alexei Czeskis .:. Securineer .
>>
>> On Wed, Sep 13, 2017 at 1:14 PM, Mike Jones <Michael.Jones@microsoft.com>
>> wrote:
>>
>>> s/our a lot of effort/put a lot of effort/
>>>
>>>
>>>
>>> *From: *Mike Jones <Michael.Jones@microsoft.com>
>>> *Sent: *Wednesday, September 13, 2017 1:07 PM
>>> *To: *Alexei Czeskis via GitHub <sysbot+gh@w3.org>;
>>> public-webauthn@w3.org
>>> *Subject: *RE: [webauthn] new commits pushed by leshi
>>>
>>>
>>>
>>> I'm looking at this from a phone and so may be confused, but it looks to
>>> me like these changes were pushed to master rather than put into a PR for
>>> review. If so, please revert these changes.
>>>
>>>
>>>
>>> We have our a lot of effort into keeping the names in WebAuthn in sync
>>> with CTAP. This change is an unnecessary departure from this policy, which
>>> will confuse readers for no good reason.
>>>
>>>
>>>
>>> *From: *Alexei Czeskis via GitHub <sysbot+gh@w3.org>
>>> *Sent: *Wednesday, September 13, 2017 10:20 AM
>>> *To: *public-webauthn@w3.org
>>> *Subject: *[webauthn] new commits pushed by leshi
>>>
>>>
>>>
>>> The following commits were just pushed by leshi to
>>> https://github.com/w3c/webauthn:
>>>
>>> * using descriptive names for authenticator selection criteria (#555)
>>>
>>> Since we don't directly send the values of the
>>> AuthenticatorSelectionCriteria dictionary keys over the wire, it's ok to
>>> leave these values in a human-readable form.
>>>   by balfanz
>>> https://github.com/w3c/webauthn/commit/dcf793928221b1883f4c9
>>> ac4dd5264b570606e52
>>>
>>>
>>>
>>
>
Received on Wednesday, 13 September 2017 21:27:24 UTC