
Re: [webauthn] Plumb User ID through

From: Jakob Ehrensvärd <jakob@yubico.com>
Date: Thu, 21 Sep 2017 11:11:14 -0700
Message-ID: <CAPQ+p=mLVR4LZYeze0gg2394=z4=P+RXU=0Dyn95drfQJ84Jmg@mail.gmail.com>
To: Johan Verrept via GitHub <sysbot+gh@w3.org>
Cc: W3C WebAuthn WG <public-webauthn@w3.org>

> Credential IDs are not guaranteed unique in any way. Unless I missed
> something in the specs, it is perfectly valid to store all data locally and
> return a single byte key index.

Then, I believe I've missed something important here. The credential
ID must be a unique identifier, just like the U2F key handle. We make
the CTAP2 credential ID equal to the U2F key handle, so a U2F
credential can be used with WebAuthN and vice-versa.

For resident credentials, we generate a credential ID from the public
key, making this a 128-bit identifier.

Did I get this wrong?
Received on Thursday, 21 September 2017 18:13:52 UTC
