=JeffH
=JeffH via GitHub
- Re: [webauthn] fixup algs contd 3 (Saturday, 30 September)
- [webauthn] new commits pushed by equalsJeffH (Saturday, 30 September)
- Re: [webauthn] fixup algs contd 3 (Friday, 29 September)
- [webauthn] new commits pushed by equalsJeffH (Friday, 29 September)
- Re: [webauthn] fixup algs contd 3 (Wednesday, 27 September)
- [webauthn] address needs of various webauthn spec audiences (Wednesday, 27 September)
- Re: [webauthn] Address security and privacy issues witht the iconURL (Wednesday, 20 September)
- Re: [webauthn] Not clear what's executed in parallel in Section 4.1.3, Step 24.3 (Wednesday, 20 September)
- Re: [webauthn] fixup algs contd 3 (Wednesday, 13 September)
- Re: [webauthn] fixup algs contd 3 (Wednesday, 13 September)
- Re: [webauthn] keyType: "public-key" is superfluous (Tuesday, 12 September)
- Re: [webauthn] Refine meaning of PublicKeyCredentialType to be "signature & assertion format (and version thereof)" (Tuesday, 12 September)
- Re: [webauthn] using descriptive names for authenticator selection criteria (Tuesday, 12 September)
- Re: [webauthn] Sign counter alg 507 (Tuesday, 12 September)
- Re: [webauthn] undefined terms (Monday, 11 September)
- Re: [webauthn] #registering-a-new-credential step 10 breakage (Monday, 11 September)
- [webauthn] incosistent concatenation symbols - notational conventions section? (Monday, 11 September)
- [webauthn] #registering-a-new-credential step 10 breakage (Monday, 11 September)
- [webauthn] ensure #registering-a-new-credential step 10 and the inputs to all attStmt types' verification procedures match (Monday, 11 September)
- Re: [webauthn] fixup algs contd 3 (Friday, 8 September)
- [webauthn] new commits pushed by equalsJeffH (Friday, 8 September)
- Re: [webauthn] need description & illustrations of overall flow: authnr <--> platform API <--> RP (Thursday, 7 September)
- Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential() (Thursday, 7 September)
- Re: [webauthn] "might be present on this authenticator" could use a clearer definition (Wednesday, 6 September)
- Closed: [webauthn] "might be present on this authenticator" could use a clearer definition (Wednesday, 6 September)
- Closed: [webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are (Wednesday, 6 September)
- Re: [webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are (Wednesday, 6 September)
- Closed: [webauthn] Drop UAF references in favor of better explanation (Wednesday, 6 September)
- Re: [webauthn] Drop UAF references in favor of better explanation (Wednesday, 6 September)
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context (Wednesday, 6 September)
- Re: [webauthn] parameter lists in #createCredential and #op-make-cred do not match (Wednesday, 6 September)
- Re: [webauthn] musings wrt webauthn's profile of COSE_Key (Tuesday, 5 September)
- [webauthn] musings wrt webauthn's profile of COSE_Key (Sunday, 3 September)
Ackermann Yuriy via GitHub
Adam Langley via GitHub
- Re: [webauthn] Make packed attestation format Privacy CA-friendly (Friday, 29 September)
- Re: [webauthn] Consider requiring canonical CBOR throughout (Friday, 15 September)
- Re: [webauthn] Sign counter alg 507 (Monday, 11 September)
- Re: [webauthn] Sign counter alg 507 (Saturday, 9 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Closed: [webauthn] Consider allowing authenticators to randomise signed hashes. (Tuesday, 5 September)
- Re: [webauthn] Consider allowing authenticators to randomise signed hashes. (Tuesday, 5 September)
- Re: [webauthn] Sign counter alg 507 (Tuesday, 5 September)
- Re: [webauthn] Consider allowing authenticators to randomise signed hashes. (Sunday, 3 September)
- Re: [webauthn] Sign counter alg 507 (Sunday, 3 September)
Adam Powers
Adam Powers via GitHub
Akshay Kumar via GitHub
- Re: [webauthn] Clean up COSEAlgorithmIdentifier loose ends (Monday, 25 September)
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined? (Monday, 25 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 22 September)
- Re: [webauthn] Plumb User ID through (Friday, 22 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Friday, 22 September)
- Re: [webauthn] Plumb User ID through (Friday, 22 September)
- Re: [webauthn] Plumb User ID through (Friday, 22 September)
- Re: [webauthn] include public key in result from create() (Tuesday, 19 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Tuesday, 19 September)
- Re: [webauthn] Clarify excludeCredentialDescriptorList (Tuesday, 19 September)
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined? (Tuesday, 19 September)
- Re: [webauthn] Not clear what to do with cross platform authenticators during make-an-assertion step (Tuesday, 19 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Thursday, 14 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Thursday, 14 September)
- Re: [webauthn] user id should be returned in get() (Wednesday, 13 September)
- Re: [webauthn] include public key in result from create() (Saturday, 9 September)
- Re: [webauthn] user id should be returned in get() (Saturday, 9 September)
- Re: [webauthn] Sign counter alg 507 (Wednesday, 6 September)
- Re: [webauthn] Sign counter alg 507 (Tuesday, 5 September)
- Re: [webauthn] musings wrt webauthn's profile of COSE_Key (Monday, 4 September)
- Re: [webauthn] change "credential public key" to "user public key" (Monday, 4 September)
Alexei Czeskis
Alexei Czeskis via GitHub
- Re: [webauthn] Plumb User ID through (Thursday, 21 September)
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context (Tuesday, 19 September)
- [webauthn] Not clear what to do with cross platform authenticators during make-an-assertion step (Monday, 18 September)
- Re: [webauthn] authenticatorMakeCredential has an excludeCredentialDescriptorList parameter, but doesn't do anything with it (Monday, 18 September)
- [webauthn] How should the browser handle CredentialMediationRequirement for public key credentials? (Thursday, 14 September)
- [webauthn] preventSilentAccess() -- what effect does calling it have? (Thursday, 14 September)
- Re: [webauthn] Address security and privacy issues witht the iconURL (Thursday, 14 September)
- Re: [webauthn] imageURL privacy (Thursday, 14 September)
- Re: [webauthn] Add uaf attestation format (Thursday, 14 September)
- Re: [webauthn] Add credential type uaf (Thursday, 14 September)
- Re: [webauthn] keyType: "public-key" is superfluous (Thursday, 14 September)
- Re: [webauthn] keyType: "public-key" is superfluous (Thursday, 14 September)
- Re: [webauthn] keyType: "public-key" is superfluous (Thursday, 14 September)
- Re: [webauthn] Plumb User ID through (Thursday, 14 September)
- Re: [webauthn] include public key in result from create() (Thursday, 14 September)
- [webauthn] new commits pushed by leshi (Wednesday, 13 September)
- [webauthn] new commits pushed by leshi (Wednesday, 13 September)
- Re: [webauthn] using descriptive names for authenticator selection criteria (Wednesday, 13 September)
- Closed: [webauthn] The description for creating a new credential has the browser prompting the user for consent (Wednesday, 13 September)
- [webauthn] new commits pushed by leshi (Wednesday, 13 September)
- [webauthn] new commits pushed by leshi (Friday, 8 September)
- [webauthn] The description for creating a new credential has the browser prompting the user for consent (Friday, 8 September)
- [webauthn] .store() is confusing (Friday, 8 September)
- Closed: [webauthn] The authenticatorMakeCredential operation section doesn't specify how to pass extensions to authenticator (Friday, 8 September)
- Re: [webauthn] The authenticatorMakeCredential operation section doesn't specify how to pass extensions to authenticator (Friday, 8 September)
- [webauthn] The authenticatorMakeCredential operation section doesn't specify how to pass extensions to authenticator (Friday, 8 September)
- [webauthn] "Authenticator extension processing" is likely wrong (Friday, 8 September)
Angelo Liao
Angelo Liao via GitHub
- Re: [webauthn] include public key in result from create() (Wednesday, 27 September)
- [webauthn] new commits pushed by AngeloKai (Friday, 22 September)
- Closed: [webauthn] authenticatorMakeCredential has an excludeCredentialDescriptorList parameter, but doesn't do anything with it (Friday, 22 September)
- Re: [webauthn] Clarify excludeCredentialDescriptorList (Friday, 22 September)
- [webauthn] new commits pushed by AngeloKai (Wednesday, 20 September)
- Closed: [webauthn] [PR 384] Does requireUserMediation() make sense after merge (Friday, 15 September)
- Re: [webauthn] [PR 384] Does requireUserMediation() make sense after merge (Friday, 15 September)
- Re: [webauthn] imageURL privacy (Friday, 15 September)
- Re: [webauthn] imageURL privacy (Friday, 15 September)
- Re: [webauthn] include public key in result from create() (Friday, 15 September)
- Re: [webauthn] user id should be returned in get() (Friday, 15 September)
- Closed: [webauthn] An issue about setAttestationChallenge() in "android-key" attestation statement (Thursday, 14 September)
- Re: [webauthn] Safetynet attestation does not return byte array as a response. (Thursday, 14 September)
- Re: [webauthn] include public key in result from create() (Thursday, 14 September)
- Re: [webauthn] include public key in result from create() (Thursday, 14 September)
- Re: [webauthn] .store() is confusing (Monday, 11 September)
- Re: [webauthn] Not clear what's executed in parallel in Section 4.1.3, Step 24.3 (Monday, 11 September)
- Re: [webauthn] .store() is confusing (Friday, 8 September)
- Re: [webauthn] Fix Android attestation (Friday, 8 September)
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ (Friday, 8 September)
- Closed: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ (Friday, 8 September)
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ (Friday, 8 September)
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ (Friday, 8 September)
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ (Friday, 8 September)
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context (Thursday, 7 September)
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ (Thursday, 7 September)
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ (Thursday, 7 September)
- Re: [webauthn] need description & illustrations of overall flow: authnr <--> platform API <--> RP (Thursday, 7 September)
- Re: [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced (Wednesday, 6 September)
- Re: [webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are (Wednesday, 6 September)
- Closed: [webauthn] Specify what happens when the Client receives invalid CBOR (Wednesday, 6 September)
- Re: [webauthn] Specify what happens when the Client receives invalid CBOR (Wednesday, 6 September)
- Closed: [webauthn] authenticatorGetAssertion showing selection UI for external authenticators (Wednesday, 6 September)
- Re: [webauthn] authenticatorGetAssertion showing selection UI for external authenticators (Wednesday, 6 September)
- Re: [webauthn] remove "required" on ScopedCredentialDescriptor.id (Wednesday, 6 September)
- Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential() (Wednesday, 6 September)
- Re: [webauthn] Make create() and get() abortable (Wednesday, 6 September)
- Re: [webauthn] Make create() and get() abortable (Wednesday, 6 September)
- Re: [webauthn] Make create() and get() abortable (Wednesday, 6 September)
- Re: [webauthn] Make create() and get() abortable (Wednesday, 6 September)
- Re: [webauthn] Consider allowing authenticators to randomise signed hashes. (Tuesday, 5 September)
- Re: [webauthn] rename "attestation data" to be "attested credential" (Saturday, 2 September)
- Re: [webauthn] Consider allowing authenticators to randomise signed hashes. (Saturday, 2 September)
- Re: [webauthn] FIDO U2F Attestation Statement Format doesn't say what to do with AAGUID (Saturday, 2 September)
- Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential() (Saturday, 2 September)
- Re: [webauthn] change "credential public key" to "user public key" (Saturday, 2 September)
- Closed: [webauthn] Must returned extensions be mathematically proper subsets of requested extensions? (Friday, 1 September)
- Re: [webauthn] Must returned extensions be mathematically proper subsets of requested extensions? (Friday, 1 September)
- [webauthn] new commits pushed by AngeloKai (Friday, 1 September)
- Re: [webauthn] Remove "proper subset" from extension algorithm (Friday, 1 September)
Anne van Kesteren via GitHub
Anthony Nadalin
Anthony Nadalin via GitHub
- Re: [webauthn] Plumb User ID through (Friday, 22 September)
- Re: [webauthn] user id should be returned in get() (Friday, 15 September)
- Re: [webauthn] include public key in result from create() (Friday, 15 September)
- Re: [webauthn] #registering-a-new-credential step 10 breakage (Friday, 15 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Friday, 15 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Thursday, 14 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Thursday, 14 September)
- Re: [webauthn] Add credential type uaf (Thursday, 14 September)
- Re: [webauthn] Include Constants for COSE Algorithm Numbers (Wednesday, 13 September)
- Re: [webauthn] Not clear what's executed in parallel in Section 4.1.3, Step 24.3 (Wednesday, 13 September)
- Re: [webauthn] include public key in result from create() (Wednesday, 13 September)
- Re: [webauthn] Address security and privacy issues witht the iconURL (Wednesday, 13 September)
- Re: [webauthn] Sign counter alg 507 (Wednesday, 13 September)
- Re: [webauthn] Address security and privacy issues witht the iconURL (Tuesday, 12 September)
- Re: [webauthn] Remove user agent getting user consent sentence (Tuesday, 12 September)
- Re: [webauthn] fixup algs contd 3 (Tuesday, 12 September)
- Re: [webauthn] .store() is confusing (Monday, 11 September)
- Re: [webauthn] keyType: "public-key" is superfluous (Friday, 8 September)
- Re: [webauthn] Move {#sample-scenarios} (currently Section 10) to the top of the doc (Friday, 8 September)
- Re: [webauthn] "Authenticator extension processing" is likely wrong (Friday, 8 September)
- Re: [webauthn] should authenticatorExtensions really be a dictionary? (Friday, 8 September)
- Re: [webauthn] impl guidelines for signature counter (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] Make AuthenticatorSelectionCriteria more complete. (Thursday, 7 September)
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined (Thursday, 7 September)
- Re: [webauthn] Android SafetyNet Attestation lacks information on authenticator provenance (Thursday, 7 September)
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined (Thursday, 7 September)
- Re: [webauthn] ctsprofilematch in SafetyNet documentation not sufficiently defined (Thursday, 7 September)
- Re: [webauthn] Make AuthenticatorSelectionCriteria more complete. (Thursday, 7 September)
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ (Thursday, 7 September)
- Re: [webauthn] various issues with AppId extension (Thursday, 7 September)
- Re: [webauthn] #createCredential step 12 incorrectly refers to a timer (Thursday, 7 September)
- Re: [webauthn] RawId vs Id is confusing (Thursday, 7 September)
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context (Thursday, 7 September)
- Re: [webauthn] "WebAuthn Authenticator model" seemingly prohibits random AAGUIDs (minor) (Thursday, 7 September)
- Re: [webauthn] Correct uses of "JSON string" versus "DOMString" and other string terminology usage (Thursday, 7 September)
- Re: [webauthn] Replace Authenticator Model with CTAP (Thursday, 7 September)
- Re: [webauthn] makeCredential should be more precise than NotAllowedError in its last step (Wednesday, 6 September)
- Re: [webauthn] UVM Extension Editorial Change (Wednesday, 6 September)
- Re: [webauthn] Refine meaning of PublicKeyCredentialType to be "signature & assertion format (and version thereof)" (Wednesday, 6 September)
- Re: [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced (Wednesday, 6 September)
- Re: [webauthn] Authenticator selection extension - should makeCredential fail if no specified authenticator can be found? (Wednesday, 6 September)
- Re: [webauthn] Consider using USVString instead of DOMString sometimes (Wednesday, 6 September)
- Re: [webauthn] New research suggest using ED512 instead of ED256. (Wednesday, 6 September)
- Re: [webauthn] Drop UAF references in favor of better explanation (Wednesday, 6 September)
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context (Tuesday, 5 September)
Axel Nennker via GitHub
balfanz via GitHub
- Re: [webauthn] include public key in result from create() (Wednesday, 27 September)
- [webauthn] Make packed attestation format Privacy CA-friendly (Tuesday, 26 September)
- Re: [webauthn] include public key in result from create() (Tuesday, 19 September)
- Re: [webauthn] preventSilentAccess() -- what effect does calling it have? (Tuesday, 19 September)
- Re: [webauthn] How should the browser handle CredentialMediationRequirement for public key credentials? (Tuesday, 19 September)
- [webauthn] new commits pushed by balfanz (Monday, 18 September)
- Closed: [webauthn] should authenticatorExtensions really be a dictionary? (Monday, 18 September)
- Re: [webauthn] include public key in result from create() (Monday, 18 September)
- [webauthn] authenticatorMakeCredential has an excludeCredentialDescriptorList parameter, but doesn't do anything with it (Friday, 15 September)
- Re: [webauthn] keyType: "public-key" is superfluous (Friday, 15 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Thursday, 14 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Thursday, 14 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Thursday, 14 September)
- [webauthn] Consider dropping requirement for TUP on create() (Thursday, 14 September)
- [webauthn] Not clear what's executed in parallel in Section 4.1.3, Step 24.3 (Friday, 8 September)
- Re: [webauthn] should authenticatorExtensions really be a dictionary? (Friday, 8 September)
- Re: [webauthn] include public key in result from create() (Friday, 8 September)
- [webauthn] include public key in PublicKeyCredential (Friday, 8 September)
- [webauthn] user id should be returned in get() (Friday, 8 September)
- [webauthn] new commits pushed by balfanz (Friday, 8 September)
- [webauthn] keyType: "public-key" is superfluous (Friday, 8 September)
- [webauthn] should authenticatorExtensions really be a dictionary? (Friday, 8 September)
- [webauthn] Key types and algorithms are confusing (Friday, 8 September)
- [webauthn] new commits pushed by balfanz (Friday, 8 September)
Boris Zbarsky via GitHub
Christiaan Brand via GitHub
- Re: [webauthn] Plumb User ID through (Thursday, 28 September)
- [webauthn] new commits pushed by christiaanbrand (Thursday, 28 September)
- Closed: [webauthn] "Authenticator extension processing" is likely wrong (Thursday, 28 September)
- [webauthn] Change user.id examples to binary encoding. (Thursday, 28 September)
- [webauthn] new commits pushed by christiaanbrand (Thursday, 28 September)
- Re: [webauthn] Restore identifier alignment with CTAP and WD-06 (Thursday, 28 September)
- [webauthn] new commits pushed by christiaanbrand (Thursday, 28 September)
- Closed: [webauthn] Safetynet attestation does not return byte array as a response. (Thursday, 28 September)
- Closed: [webauthn] Make U2F Attestation Format "sig" more precise (Thursday, 28 September)
- [webauthn] new commits pushed by christiaanbrand (Thursday, 28 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Monday, 25 September)
- Re: [webauthn] Plumb User ID through (Friday, 22 September)
- Re: [webauthn] Plumb User ID through (Friday, 22 September)
- Re: [webauthn] Plumb User ID through (Wednesday, 20 September)
- Re: [webauthn] Plumb User ID through (Wednesday, 20 September)
christiaanbrand via GitHub
- [webauthn] isPlatformAuthenticatorAvailable() timeout really 10 minutes? (Monday, 18 September)
- Re: [webauthn] .store() is confusing (Monday, 18 September)
- Re: [webauthn] Consider dropping requirement for TUP on create() (Monday, 18 September)
- Re: [webauthn] authenticatorMakeCredential has an excludeCredentialDescriptorList parameter, but doesn't do anything with it (Monday, 18 September)
- Re: [webauthn] Plumb User ID through (Monday, 18 September)
- Re: [webauthn] user id should be returned in get() (Wednesday, 13 September)
- Re: [webauthn] Fix Android attestation (Saturday, 9 September)
- Re: [webauthn] An issue about setAttestationChallenge() in "android-key" attestation statement (Saturday, 9 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
Denis Pinkas
Emil Lundberg via GitHub
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Monday, 25 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Monday, 25 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Sunday, 24 September)
- Re: [webauthn] user id should be returned in get() (Saturday, 23 September)
- Re: [webauthn] Plumb User ID through (Saturday, 23 September)
- Re: [webauthn] Plumb User ID through (Friday, 22 September)
- Closed: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Friday, 22 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Friday, 22 September)
- Re: [webauthn] user id should be returned in get() (Friday, 22 September)
- Re: [webauthn] Plumb User ID through (Friday, 22 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Friday, 22 September)
- Re: [webauthn] Plumb User ID through (Friday, 22 September)
- [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Friday, 22 September)
- Re: [webauthn] CDDL for attStmtType is confusing (Friday, 22 September)
- Re: [webauthn] include public key in result from create() (Wednesday, 20 September)
- Re: [webauthn] RP guidelines should allow RP to not check attestation (Tuesday, 19 September)
- Re: [webauthn] RP guidelines should allow RP to not check attestation (Tuesday, 19 September)
- Re: [webauthn] Plumb User ID through (Tuesday, 19 September)
- Re: [webauthn] include public key in result from create() (Tuesday, 19 September)
- Re: [webauthn] #registering-a-new-credential step 10 breakage (Saturday, 16 September)
- Re: [webauthn] user id should be returned in get() (Friday, 15 September)
- Re: [webauthn] Plumb User ID through (Friday, 15 September)
- Re: [webauthn] include public key in result from create() (Friday, 15 September)
- Re: [webauthn] #registering-a-new-credential step 10 breakage (Friday, 15 September)
- [webauthn] Where are rsaAlgName and eccAlgName defined? (Friday, 15 September)
- Re: [webauthn] U2F Attestation only lists Basic Attestation as supported (Monday, 11 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] Must returned extensions be mathematically proper subsets of requested extensions? (Friday, 1 September)
GitHub
- [w3c/webauthn] a1b998: fix indents make BS happy, add some periods (Saturday, 30 September)
- [w3c/webauthn] 14c273: fix proper subset tweak (#542) (Friday, 29 September)
- [w3c/webauthn] 5e5060: Built by Travis-CI: 3ee8ed586c2ce62f7a4180cb9dcf0d... (Thursday, 28 September)
- [w3c/webauthn] 0141d9: Corrected inaccuracy in authenticator extension pr... (Thursday, 28 September)
- [w3c/webauthn] 42a7e6: Built by Travis-CI: d96d7668a53bfc463968bedc9d9b95... (Thursday, 28 September)
- [w3c/webauthn] 4aa72b: Fix syntax errors in JavaScript examples. (Thursday, 28 September)
- [w3c/webauthn] 27d71f: Built by Travis-CI: 6589a1013cd776da57d704eb8508fc... (Thursday, 28 September)
- [w3c/webauthn] d9d171: Built by Travis-CI: 96b9a982b235144816abaaa6517d36... (Thursday, 28 September)
- [w3c/webauthn] 6e45cc: Clarify Safetynet attestation return value (Thursday, 28 September)
- [w3c/webauthn] 5502d4: Clarifying signing procedure for U2F attestation (Thursday, 28 September)
- [w3c/webauthn] a7dd80: Built by Travis-CI: 26552c41d086f46be877018dc2c8b0... (Thursday, 28 September)
- [w3c/webauthn] 26552c: Make user.id a byte array (#586) (Thursday, 28 September)
- [w3c/webauthn] 467f31: Built by Travis-CI: 2ec526743c1fe42ea602fa31d47eed... (Thursday, 28 September)
- [w3c/webauthn] 2ec526: Clean up COSEAlgorithmIdentifier loose ends (#580) (Thursday, 28 September)
- [w3c/webauthn] 757240: Built by Travis-CI: 67e922c011aeb2668fd7adfaf75d7f... (Friday, 22 September)
- [w3c/webauthn] 67e922: Clarify excludeCredentialDescriptorList (#573) (Friday, 22 September)
- [w3c/webauthn] 8e8219: Built by Travis-CI: f37cfc5dfd074832ab61ed299d1ee7... (Wednesday, 20 September)
- [w3c/webauthn] f37cfc: Address security and privacy issues witht the icon... (Wednesday, 20 September)
- [w3c/webauthn] 5502d4: Clarifying signing procedure for U2F attestation (Monday, 18 September)
- [w3c/webauthn] 1dce39: Built by Travis-CI: db1be8059b02cb8981fbe0229f6d1e... (Wednesday, 13 September)
- [w3c/webauthn] db1be8: Fix Android attestation (#546) (Wednesday, 13 September)
- [w3c/webauthn] f8943a: Built by Travis-CI: dcf793928221b1883f4c9ac4dd5264... (Wednesday, 13 September)
- [w3c/webauthn] dcf793: using descriptive names for authenticator selectio... (Wednesday, 13 September)
- [w3c/webauthn] 14adaa: Built by Travis-CI: eb401b78e218af43715e426ea1825f... (Wednesday, 13 September)
- [w3c/webauthn] eb401b: Remove user agent getting user consent sentence (#... (Wednesday, 13 September)
- [w3c/webauthn] 4a376b: removed signing procedure details and referred to ... (Wednesday, 13 September)
- [w3c/webauthn] 2465b4: updating signcounter consideration according to su... (Wednesday, 13 September)
- [w3c/webauthn] 92b5bf: addressed second last comment (Wednesday, 13 September)
- [w3c/webauthn] 7a8ad4: more corrections according to the comments in the ... (Wednesday, 13 September)
- [w3c/webauthn] 2465b4: updating signcounter consideration according to su... (Tuesday, 12 September)
- [w3c/webauthn] ee384b: added alternative: MSB to indicate signCounter sup... (Tuesday, 12 September)
- [w3c/webauthn] ad54fb: correction: bikeshed still wants spaces - not tabs (Monday, 11 September)
- [w3c/webauthn] bc8e9a: corrected phrase as indicated by equalsJeffH (Monday, 11 September)
- [w3c/webauthn] df905a: using descriptive names for authenticator selectio... (Friday, 8 September)
- [w3c/webauthn] 1559de: Remove user agent getting user consent sentence (Friday, 8 September)
- [w3c/webauthn] 20827e: typo (Friday, 8 September)
- [w3c/webauthn] 14c273: fix proper subset tweak (#542) (Friday, 8 September)
- [w3c/webauthn] (Friday, 8 September)
- [w3c/webauthn] 1f096d: incorp comments from mikewest at webappsec-credent... (Friday, 8 September)
- [w3c/webauthn] 515acc: Built by Travis-CI: 14c2733ca6a4a9568e4c48fef1b870... (Friday, 1 September)
- [w3c/webauthn] 14c273: fix proper subset tweak (#542) (Friday, 1 September)
gmandyam via GitHub
Hodges, Jeff
Ibrahim Damlaj via GitHub
J.C. Jones
J.C. Jones via GitHub
Jakob Ehrensvard via GitHub
Jakob Ehrensvärd
James Barclay via GitHub
James Manger via GitHub
Janina Sajka
Jeffrey Yasskin via GitHub
Johan Verrept
Johan Verrept via GitHub
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Monday, 25 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Sunday, 24 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Friday, 22 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Friday, 22 September)
- Re: [webauthn] Plumb User ID through (Thursday, 21 September)
- Re: [webauthn] Consider requiring canonical CBOR throughout (Wednesday, 13 September)
- Re: [webauthn] Consider requiring canonical CBOR throughout (Tuesday, 12 September)
- Re: [webauthn] Sign counter alg 507 (Monday, 11 September)
- Re: [webauthn] Sign counter alg 507 (Monday, 11 September)
- Re: [webauthn] Sign counter alg 507 (Tuesday, 5 September)
- Re: [webauthn] Consider requiring canonical CBOR throughout (Monday, 4 September)
John Bradley
John Bradley via GitHub
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Friday, 22 September)
- Re: [webauthn] Privacy Considerations should describe risks of storing userID/displayName in "second-factor" authenticators (Thursday, 21 September)
- Re: [webauthn] Sign counter alg 507 (Saturday, 9 September)
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] Key types and algorithms are confusing (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] impl guidelines for signature counter (Friday, 8 September)
- Re: [webauthn] Android SafetyNet Attestation lacks information on authenticator provenance (Thursday, 7 September)
- Re: [webauthn] Sign counter alg 507 (Wednesday, 6 September)
- Re: [webauthn] Sign counter alg 507 (Wednesday, 6 September)
John Fontana
Ki-Eun Shin via GitHub
- Re: [webauthn] Make packed attestation format Privacy CA-friendly (Saturday, 30 September)
- [webauthn] Need to fix android key attestation verification procedure (Friday, 29 September)
- Re: [webauthn] Make packed attestation format Privacy CA-friendly (Friday, 29 September)
- [webauthn] Description of attestation signature generation for ECDAA needs to be fixed. (Wednesday, 27 September)
- [webauthn] Need to remove the term "authentication key" in self attestation description (Wednesday, 27 September)
- [webauthn] No way to select an intended authenticator during authentication with attachment info (Tuesday, 26 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Monday, 25 September)
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague (Monday, 25 September)
- Re: [webauthn] Fix Android attestation (Thursday, 21 September)
- [webauthn] No description regarding representation of credential Id length (Monday, 18 September)
- [webauthn] Safetynet attestation does not return byte array as a response. (Tuesday, 12 September)
kpaulh via GitHub
Mike Jones
Mike Jones via GitHub
- Re: [webauthn] Sign counter alg 507 alternative: optional sig counter (Thursday, 28 September)
- Re: [webauthn] Sign counter alg 507 alternative: optional sig counter (Thursday, 28 September)
- Re: [webauthn] "Authenticator extension processing" is likely wrong (Thursday, 28 September)
- Re: [webauthn] Key types and algorithms are confusing (Thursday, 28 September)
- [webauthn] new commits pushed by selfissued (Thursday, 28 September)
- Closed: [webauthn] Where are rsaAlgName and eccAlgName defined? (Thursday, 28 September)
- [webauthn] new commits pushed by selfissued (Thursday, 28 September)
- Re: [webauthn] Clean up COSEAlgorithmIdentifier loose ends (Tuesday, 26 September)
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined? (Monday, 25 September)
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined? (Monday, 25 September)
- Re: [webauthn] Consider requiring canonical CBOR throughout (Tuesday, 12 September)
- Re: [webauthn] Consider requiring canonical CBOR throughout (Monday, 11 September)
- Closed: [webauthn] Consider requiring canonical CBOR throughout (Monday, 11 September)
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined (Thursday, 7 September)
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined (Thursday, 7 September)
- Closed: [webauthn] makeCredential should be more precise than NotAllowedError in its last step (Thursday, 7 September)
- Re: [webauthn] makeCredential should be more precise than NotAllowedError in its last step (Thursday, 7 September)
- Closed: [webauthn] New research suggest using ED512 instead of ED256. (Wednesday, 6 September)
- Re: [webauthn] New research suggest using ED512 instead of ED256. (Wednesday, 6 September)
- Re: [webauthn] Consider using USVString instead of DOMString sometimes (Wednesday, 6 September)
- Closed: [webauthn] Consider using USVString instead of DOMString sometimes (Wednesday, 6 September)
- Re: [webauthn] FIDO U2F Attestation Statement Format doesn't say what to do with AAGUID (Wednesday, 6 September)
Mike West via GitHub
r12a via GitHub
Rolf Lindemann via GitHub
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined? (Monday, 25 September)
- Re: [webauthn] fixup algs contd 3 (Wednesday, 20 September)
- Re: [webauthn] keyType: "public-key" is superfluous (Wednesday, 20 September)
- Re: [webauthn] keyType: "public-key" is superfluous (Thursday, 14 September)
- [webauthn] new commits pushed by rlin1 (Wednesday, 13 September)
- Re: [webauthn] user id should be returned in get() (Wednesday, 13 September)
- [webauthn] new commits pushed by rlin1 (Wednesday, 13 September)
- Re: [webauthn] Sign counter alg 507 (Wednesday, 13 September)
- [webauthn] new commits pushed by rlin1 (Wednesday, 13 September)
- [webauthn] new commits pushed by rlin1 (Wednesday, 13 September)
- [webauthn] new commits pushed by rlin1 (Tuesday, 12 September)
- Re: [webauthn] Sign counter alg 507 (Tuesday, 12 September)
- [webauthn] new commits pushed by rlin1 (Tuesday, 12 September)
- Re: [webauthn] keyType: "public-key" is superfluous (Tuesday, 12 September)
- Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential() (Tuesday, 12 September)
- [webauthn] new commits pushed by rlin1 (Monday, 11 September)
- [webauthn] new commits pushed by rlin1 (Monday, 11 September)
- Re: [webauthn] Sign counter alg 507 (Monday, 11 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- [webauthn] new commits pushed by rlin1 (Friday, 8 September)
- Re: [webauthn] impl guidelines for signature counter (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- [webauthn] new commits pushed by rlin1 (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Friday, 8 September)
- Re: [webauthn] impl guidelines for signature counter (Friday, 8 September)
- Re: [webauthn] Sign counter alg 507 (Wednesday, 6 September)
WebAuthnBot via GitHub
- [webauthn] new commits pushed by WebAuthnBot (Thursday, 28 September)
- [webauthn] new commits pushed by WebAuthnBot (Thursday, 28 September)
- [webauthn] new commits pushed by WebAuthnBot (Thursday, 28 September)
- [webauthn] new commits pushed by WebAuthnBot (Thursday, 28 September)
- [webauthn] new commits pushed by WebAuthnBot (Thursday, 28 September)
- [webauthn] new commits pushed by WebAuthnBot (Thursday, 28 September)
- [webauthn] new commits pushed by WebAuthnBot (Friday, 22 September)
- [webauthn] new commits pushed by WebAuthnBot (Wednesday, 20 September)
- [webauthn] new commits pushed by WebAuthnBot (Wednesday, 13 September)
- [webauthn] new commits pushed by WebAuthnBot (Wednesday, 13 September)
- [webauthn] new commits pushed by WebAuthnBot (Wednesday, 13 September)
- [webauthn] new commits pushed by WebAuthnBot (Friday, 1 September)
Last message date: Saturday, 30 September 2017 23:41:03 UTC