Re: [webauthn] include public key in result from create()

>The goal of this proposal is to not make relying parties that don't care about attestation parse the attestation to get the public key. There are two things that all RPs will care about: 1) credential ID and 2) the public key.

Weighing in as an RP implementer: What would really be the difference between parsing a `publicKey` property on the root object as opposed to parsing the authenticator data? If you don't care about attestation trust it's already perfectly possible to get at the public key without parsing the attestation statement, if that's what you mean.

Either way it seems unlikely to me that any one "friendly format" would be easily usable for all RP implementation platforms (Java, JavaScript, Python, Ruby, ...), so I'm not sure about the value of duplicating the data. It would also complicate RP implementation with having to decide what to do if the copies disagree.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/557#issuecomment-329749093 using your GitHub account

Received on Friday, 15 September 2017 10:51:35 UTC
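
The point made in the comment above, reading the credential ID and public key from the authenticator data without touching the attestation statement, shown as an added example that is not part of the original message or of any WebAuthn library. It assumes the authenticator data layout of the published WebAuthn specification (32-byte rpIdHash, flags, 4-byte counter, 16-byte AAGUID, 2-byte credential ID length, credential ID, COSE key); the function names are hypothetical and the sample bytes are constructed.

```python
import hashlib
import struct

def cbor_decode(buf, pos=0):
    """Decode one definite-length CBOR item (ints, strings, arrays, maps)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR item")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        val = info
    elif info <= 27:
        size = 1 << (info - 24)
        val, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    else:
        raise ValueError("reserved or indefinite length not supported")
    if major in (0, 1):
        return (val if major == 0 else -1 - val), pos
    if major in (2, 3):
        if pos + val > len(buf):
            raise ValueError("truncated CBOR string")
        raw = bytes(buf[pos:pos + val])
        return (raw if major == 2 else raw.decode()), pos + val
    if major in (4, 5):
        items = []
        for _ in range(val * (major - 3)):  # a map holds two items per entry
            item, pos = cbor_decode(buf, pos)
            items.append(item)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), pos
    raise ValueError("unsupported CBOR major type")

def parse_auth_data(auth_data):
    """Return (credential_id, cose_public_key) from raw authenticator data."""
    if len(auth_data) < 55:
        raise ValueError("too short to hold attested credential data")
    if not auth_data[32] & 0x40:  # flags byte follows rpIdHash; 0x40 is AT
        raise ValueError("AT flag not set: no credential data present")
    (cred_len,) = struct.unpack(">H", auth_data[53:55])  # after counter, AAGUID
    if 55 + cred_len >= len(auth_data):
        raise ValueError("credential ID length exceeds buffer")
    cose_key, _ = cbor_decode(auth_data, 55 + cred_len)
    return bytes(auth_data[55:55 + cred_len]), cose_key

def constructed_sample():
    """Constructed authData: UP|AT flags, zero AAGUID, ES256 COSE key."""
    key = (bytes.fromhex("a5010203262001215820") + b"\x11" * 32
           + b"\x22\x58\x20" + b"\x22" * 32)
    return (hashlib.sha256(b"example.org").digest() + b"\x41" + bytes(4)
            + bytes(16) + struct.pack(">H", 4) + b"cred" + key)
```

In the returned COSE map, key 1 is the key type, 3 the algorithm, and -2 and -3 the EC point coordinates; the attestation statement is never read.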