W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] include public key in result from create()

From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
Date: Thu, 14 Sep 2017 19:55:13 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-329591144-1505418902-sysbot+gh@w3.org>
@idamlaj: we miss you on the call ;) Join there for all the fun discussions and heart-wrenching emotions.  The goal of this proposal is to not make relying parties that don't care about attestation parse the attestation to get the public key.  There are two things that all RPs will care about: 1) credential ID and 2) the public key.  (1) was already pulled out to the top level result of .create() -- this is done by the browser, now we need to do the same with (2) -- it will need to be done by the browser after pulling out (1).

@AngeloKai: Thanks for finding those!  That was super helpful! :) . That PR is HUGE!!  Maybe we avoid such large PRs in the future?  I looked at the meeting minutes and the PR discussion and did not find any explanation for why the public key was a casualty in the PR.  Did I miss something?

-- 
GitHub Notification of comment by leshi
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/557#issuecomment-329591144 using your GitHub account
Received on Thursday, 14 September 2017 19:55:06 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC