Saturday, 30 September 2017
- Re: [webauthn] fixup algs contd 3
- [w3c/webauthn] a1b998: fix indents make BS happy, add some periods
- [webauthn] new commits pushed by equalsJeffH
- Re: [webauthn] Make packed attestation format Privacy CA-friendly
Friday, 29 September 2017
- Re: [webauthn] Make packed attestation format Privacy CA-friendly
- Re: [webauthn] fixup algs contd 3
- Re: [webauthn] PR#498 fixup algs contd 3
- [webauthn] Need to fix android key attestation verification procedure
- [w3c/webauthn] 14c273: fix proper subset tweak (#542)
- [webauthn] new commits pushed by equalsJeffH
- @@EDITOR-ANCHOR in index.bs?
- Re: [webauthn] Make packed attestation format Privacy CA-friendly
Thursday, 28 September 2017
- Re: [webauthn] Plumb User ID through
- [w3c/webauthn] 5e5060: Built by Travis-CI: 3ee8ed586c2ce62f7a4180cb9dcf0d...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] 0141d9: Corrected inaccuracy in authenticator extension pr...
- [webauthn] new commits pushed by christiaanbrand
- Closed: [webauthn] "Authenticator extension processing" is likely wrong
- [webauthn] Change user.id examples to binary encoding.
- [w3c/webauthn] 42a7e6: Built by Travis-CI: d96d7668a53bfc463968bedc9d9b95...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] 4aa72b: Fix syntax errors in JavaScript examples.
- [webauthn] new commits pushed by christiaanbrand
- Re: [webauthn] Restore identifier alignment with CTAP and WD-06
- [w3c/webauthn] 27d71f: Built by Travis-CI: 6589a1013cd776da57d704eb8508fc...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] d9d171: Built by Travis-CI: 96b9a982b235144816abaaa6517d36...
- [w3c/webauthn] 6e45cc: Clarify Safetynet attestation return value
- [webauthn] new commits pushed by WebAuthnBot
- [webauthn] new commits pushed by christiaanbrand
- Closed: [webauthn] Safetynet attestation does not return byte array as a response.
- [w3c/webauthn] 5502d4: Clarifying signing procedure for U2F attestation
- Closed: [webauthn] Make U2F Attestation Format "sig" more precise
- [webauthn] new commits pushed by christiaanbrand
- Re: [webauthn] Sign counter alg 507 alternative: optional sig counter
- Re: [webauthn] Sign counter alg 507 alternative: optional sig counter
- Re: [webauthn] "Authenticator extension processing" is likely wrong
- Re: [webauthn] Key types and algorithms are confusing
- [w3c/webauthn] a7dd80: Built by Travis-CI: 26552c41d086f46be877018dc2c8b0...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] 467f31: Built by Travis-CI: 2ec526743c1fe42ea602fa31d47eed...
- [w3c/webauthn] 26552c: Make user.id a byte array (#586)
- [webauthn] new commits pushed by selfissued
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] 2ec526: Clean up COSEAlgorithmIdentifier loose ends (#580)
- Closed: [webauthn] Where are rsaAlgName and eccAlgName defined?
- [webauthn] new commits pushed by selfissued
Wednesday, 27 September 2017
- Updated Web Platform Tests
- Re: [webauthn] Fix syntax errors in JavaScript examples.
- Re: [webauthn] include public key in result from create()
- [webauthn] Examples should include non-ASCII [editorial]
- [webauthn] Display name content rules?
- [webauthn] Incorrect feedback link in 20160531 WD
- [webauthn] Description of attestation signature generation for ECDAA needs to be fixed.
- [webauthn] Need to remove the term "authentication key" in self attestation description
- [webauthn] User Verification Method (uvm) extension incorrectly mentions user verification *index*
- [webauthn] Extension identifiers in examples are inconsistent with registered identifiers
- PR #586 review submitted
- Re: [webauthn] Nothing required in PublicKeyCredentialEntity
- Re: [webauthn] Nothing required in PublicKeyCredentialEntity
- [webauthn] Nothing required in PublicKeyCredentialEntity
- Re: [webauthn] fixup algs contd 3
- [webauthn] address needs of various webauthn spec audiences
- Re: [webauthn] include public key in result from create()
Tuesday, 26 September 2017
- [webauthn] Make packed attestation format Privacy CA-friendly
- Re: [webauthn] Clean up COSEAlgorithmIdentifier loose ends
- RE: WebAuthn Spec Status
- Re: WebAuthn Spec Status
- [webauthn] No way to select an intended authenticator during authentication with attachment info
- please review credman PR#100 and webauthn PR#498.. (fixup algs contd 3)
Monday, 25 September 2017
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined?
- Re: WebAuthn Spec Status
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined?
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- WebAuthn Spec Status
- Re: [webauthn] Clean up COSEAlgorithmIdentifier loose ends
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined?
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined?
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
Sunday, 24 September 2017
- RE: [webauthn] Plumb User ID through
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
Saturday, 23 September 2017
Friday, 22 September 2017
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- [w3c/webauthn] 757240: Built by Travis-CI: 67e922c011aeb2668fd7adfaf75d7f...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] 67e922: Clarify excludeCredentialDescriptorList (#573)
- [webauthn] new commits pushed by AngeloKai
- Closed: [webauthn] authenticatorMakeCredential has an excludeCredentialDescriptorList parameter, but doesn't do anything with it
- Re: [webauthn] Clarify excludeCredentialDescriptorList
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Closed: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] user id should be returned in get()
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- [webauthn] Credential ID uniqueness expectations are inconsistent/vague
- Re: [webauthn] CDDL for attStmtType is confusing
Thursday, 21 September 2017
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Privacy Considerations should describe risks of storing userID/displayName in "second-factor" authenticators
- Re: [webauthn] Fix Android attestation
Wednesday, 20 September 2017
- [w3c/webauthn] 8e8219: Built by Travis-CI: f37cfc5dfd074832ab61ed299d1ee7...
- [webauthn] new commits pushed by WebAuthnBot
- [webauthn] Privacy Considerations should describe risks of storing userID/displayName in "second-factor" authenticators
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- [w3c/webauthn] f37cfc: Address security and privacy issues witht the icon...
- Re: [webauthn] Address security and privacy issues witht the iconURL
- [webauthn] new commits pushed by AngeloKai
- Re: [webauthn] fixup algs contd 3
- Re: [webauthn] Not clear what's executed in parallel in Section 4.1.3, Step 24.3
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] keyType: "public-key" is superfluous
Tuesday, 19 September 2017
- [webauthn] CDDL for attStmtType is confusing
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] Consider dropping requirement for TUP on create()
- 09/20/2017 W3C Web Authentication WG Meeting Agenca
- Re: [webauthn] Clarify excludeCredentialDescriptorList
- Re: [webauthn] Where are rsaAlgName and eccAlgName defined?
- Re: [webauthn] Not clear what to do with cross platform authenticators during make-an-assertion step
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] preventSilentAccess() -- what effect does calling it have?
- Re: [webauthn] How should the browser handle CredentialMediationRequirement for public key credentials?
- Re: [webauthn] RP guidelines should allow RP to not check attestation
- Re: [webauthn] RP guidelines should allow RP to not check attestation
- Re: [webauthn] include public key in result from create()
- [webauthn] RP guidelines should allow RP to not check attestation
- Re: [webauthn] isPlatformAuthenticatorAvailable() timeout really 10 minutes?
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] include public key in result from create()
Monday, 18 September 2017
- [webauthn] isPlatformAuthenticatorAvailable() timeout really 10 minutes?
- [webauthn] Not clear what to do with cross platform authenticators during make-an-assertion step
- [w3c/webauthn] 5502d4: Clarifying signing procedure for U2F attestation
- [webauthn] new commits pushed by balfanz
- Closed: [webauthn] should authenticatorExtensions really be a dictionary?
- Re: [webauthn] .store() is confusing
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] Consider dropping requirement for TUP on create()
- Re: [webauthn] authenticatorMakeCredential has an excludeCredentialDescriptorList parameter, but doesn't do anything with it
- Re: [webauthn] authenticatorMakeCredential has an excludeCredentialDescriptorList parameter, but doesn't do anything with it
- Re: [webauthn] Plumb User ID through
- [webauthn] No description regarding representation of credential Id length
Saturday, 16 September 2017
Friday, 15 September 2017
- Re: [webauthn] user id should be returned in get()
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] #registering-a-new-credential step 10 breakage
- Re: [webauthn] Consider dropping requirement for TUP on create()
- Closed: [webauthn] [PR 384] Does requireUserMediation() make sense after merge
- Re: [webauthn] [PR 384] Does requireUserMediation() make sense after merge
- Re: [webauthn] imageURL privacy
- Re: [webauthn] imageURL privacy
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] user id should be returned in get()
- Re: [webauthn] Consider requiring canonical CBOR throughout
- [webauthn] Add [Exposed] to all interfaces
- Re: [webauthn] user id should be returned in get()
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] #registering-a-new-credential step 10 breakage
- Re: [webauthn] imageURL privacy
- [webauthn] Where are rsaAlgName and eccAlgName defined?
- [webauthn] authenticatorMakeCredential has an excludeCredentialDescriptorList parameter, but doesn't do anything with it
- Re: [webauthn] keyType: "public-key" is superfluous
Thursday, 14 September 2017
- Re: [webauthn] Consider dropping requirement for TUP on create()
- [webauthn] How should the browser handle CredentialMediationRequirement for public key credentials?
- Re: [webauthn] Consider dropping requirement for TUP on create()
- Re: [webauthn] Consider dropping requirement for TUP on create()
- [webauthn] preventSilentAccess() -- what effect does calling it have?
- Re: [webauthn] Consider dropping requirement for TUP on create()
- Re: [webauthn] Consider dropping requirement for TUP on create()
- Re: [webauthn] Consider dropping requirement for TUP on create()
- Re: [webauthn] Consider dropping requirement for TUP on create()
- Re: [webauthn] Add credential type uaf
- Re: [webauthn] Address security and privacy issues witht the iconURL
- Re: [webauthn] imageURL privacy
- Re: [webauthn] Add uaf attestation format
- Re: [webauthn] Add credential type uaf
- [webauthn] Consider dropping requirement for TUP on create()
- Re: [webauthn] keyType: "public-key" is superfluous
- Re: [webauthn] keyType: "public-key" is superfluous
- Re: [webauthn] keyType: "public-key" is superfluous
- Re: [webauthn] keyType: "public-key" is superfluous
- Re: [webauthn] Plumb User ID through
- Re: [webauthn] include public key in result from create()
- Closed: [webauthn] An issue about setAttestationChallenge() in "android-key" attestation statement
- Re: [webauthn] Safetynet attestation does not return byte array as a response.
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] include public key in result from create()
Wednesday, 13 September 2017
- Re: [webauthn] Include Constants for COSE Algorithm Numbers
- Re: [webauthn] new commits pushed by leshi
- Re: [webauthn] Not clear what's executed in parallel in Section 4.1.3, Step 24.3
- RE: [webauthn] new commits pushed by leshi
- RE: [webauthn] new commits pushed by leshi
- Re: [webauthn] new commits pushed by leshi
- RE: [webauthn] new commits pushed by leshi
- Re: [webauthn] new commits pushed by leshi
- RE: [webauthn] new commits pushed by leshi
- RE: [webauthn] new commits pushed by leshi
- Re: [webauthn] include public key in result from create()
- [w3c/webauthn] 1dce39: Built by Travis-CI: db1be8059b02cb8981fbe0229f6d1e...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] db1be8: Fix Android attestation (#546)
- [webauthn] new commits pushed by leshi
- [w3c/webauthn] f8943a: Built by Travis-CI: dcf793928221b1883f4c9ac4dd5264...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] dcf793: using descriptive names for authenticator selectio...
- [w3c/webauthn] 14adaa: Built by Travis-CI: eb401b78e218af43715e426ea1825f...
- [webauthn] new commits pushed by leshi
- Re: [webauthn] using descriptive names for authenticator selection criteria
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] eb401b: Remove user agent getting user consent sentence (#...
- Closed: [webauthn] The description for creating a new credential has the browser prompting the user for consent
- [webauthn] new commits pushed by leshi
- Re: [webauthn] Address security and privacy issues witht the iconURL
- Re: [webauthn] Sign counter alg 507
- [w3c/webauthn] 4a376b: removed signing procedure details and referred to ...
- [webauthn] new commits pushed by rlin1
- Re: [webauthn] fixup algs contd 3
- Re: [webauthn] user id should be returned in get()
- Re: [webauthn] user id should be returned in get()
- Re: [webauthn] user id should be returned in get()
- Re: [webauthn] fixup algs contd 3
- [w3c/webauthn] 2465b4: updating signcounter consideration according to su...
- [webauthn] new commits pushed by rlin1
- Re: [webauthn] Sign counter alg 507
- [w3c/webauthn] 92b5bf: addressed second last comment
- [webauthn] new commits pushed by rlin1
- [w3c/webauthn] 7a8ad4: more corrections according to the comments in the ...
- [webauthn] new commits pushed by rlin1
- Re: [webauthn] Consider requiring canonical CBOR throughout
- 09/13/2017 W3C Web Authentication WG Meeting Agenda
- RE: Eleven comments on " Web Authentication: An API for accessing Public Key Credentials". W3C Working Draft, 5 May 2017
Tuesday, 12 September 2017
- Re: [webauthn] Address security and privacy issues witht the iconURL
- Re: [webauthn] Remove user agent getting user consent sentence
- Re: [webauthn] fixup algs contd 3
- Re: [webauthn] Consider requiring canonical CBOR throughout
- [w3c/webauthn] 2465b4: updating signcounter consideration according to su...
- [webauthn] new commits pushed by rlin1
- Re: [webauthn] Sign counter alg 507
- [w3c/webauthn] ee384b: added alternative: MSB to indicate signCounter sup...
- [webauthn] new commits pushed by rlin1
- Re: [webauthn] keyType: "public-key" is superfluous
- Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential()
- Re: [webauthn] Consider requiring canonical CBOR throughout
- [webauthn] Safetynet attestation does not return byte array as a response.
- Re: [webauthn] keyType: "public-key" is superfluous
- Re: [webauthn] Refine meaning of PublicKeyCredentialType to be "signature & assertion format (and version thereof)"
- Re: [webauthn] using descriptive names for authenticator selection criteria
- please review credman PR#100 and webauthn PR#498.. (fixup algs contd 3)
- Re: [webauthn] Sign counter alg 507
Monday, 11 September 2017
- Re: [webauthn] Sign counter alg 507
- reviewed current state of PR #539
- Re: [webauthn] undefined terms
- Re: [webauthn] #registering-a-new-credential step 10 breakage
- Re: [webauthn] Consider requiring canonical CBOR throughout
- Closed: [webauthn] Consider requiring canonical CBOR throughout
- [webauthn] incosistent concatenation symbols - notational conventions section?
- [webauthn] #registering-a-new-credential step 10 breakage
- Re: [webauthn] .store() is confusing
- Re: [webauthn] .store() is confusing
- [webauthn] ensure #registering-a-new-credential step 10 and the inputs to all attStmt types' verification procedures match
- Re: [webauthn] Not clear what's executed in parallel in Section 4.1.3, Step 24.3
- [w3c/webauthn] ad54fb: correction: bikeshed still wants spaces - not tabs
- [webauthn] new commits pushed by rlin1
- [w3c/webauthn] bc8e9a: corrected phrase as indicated by equalsJeffH
- [webauthn] new commits pushed by rlin1
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] U2F Attestation only lists Basic Attestation as supported
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] .store() is confusing
- Re: [webauthn] Sign counter alg 507
Saturday, 9 September 2017
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] include public key in result from create()
- Re: [webauthn] user id should be returned in get()
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] Fix Android attestation
- Re: [webauthn] An issue about setAttestationChallenge() in "android-key" attestation statement
Friday, 8 September 2017
- [webauthn] Not clear what's executed in parallel in Section 4.1.3, Step 24.3
- Re: [webauthn] should authenticatorExtensions really be a dictionary?
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] keyType: "public-key" is superfluous
- Re: [webauthn] include public key in result from create()
- [webauthn] include public key in PublicKeyCredential
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- [webauthn] user id should be returned in get()
- [w3c/webauthn] df905a: using descriptive names for authenticator selectio...
- [webauthn] new commits pushed by balfanz
- [webauthn] keyType: "public-key" is superfluous
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] .store() is confusing
- Re: [webauthn] Move {#sample-scenarios} (currently Section 10) to the top of the doc
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] "Authenticator extension processing" is likely wrong
- Re: [webauthn] should authenticatorExtensions really be a dictionary?
- Re: [webauthn] Sign counter alg 507
- [w3c/webauthn] 1559de: Remove user agent getting user consent sentence
- [webauthn] new commits pushed by leshi
- [webauthn] The description for creating a new credential has the browser prompting the user for consent
- Re: [webauthn] .store() is confusing
- [webauthn] .store() is confusing
- [webauthn] should authenticatorExtensions really be a dictionary?
- Re: [webauthn] Sign counter alg 507
- Closed: [webauthn] The authenticatorMakeCredential operation section doesn't specify how to pass extensions to authenticator
- Re: [webauthn] The authenticatorMakeCredential operation section doesn't specify how to pass extensions to authenticator
- [webauthn] The authenticatorMakeCredential operation section doesn't specify how to pass extensions to authenticator
- [webauthn] "Authenticator extension processing" is likely wrong
- Re: [webauthn] Key types and algorithms are confusing
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] Sign counter alg 507
- [w3c/webauthn] 20827e: typo
- [webauthn] new commits pushed by rlin1
- Re: [webauthn] impl guidelines for signature counter
- [webauthn] Key types and algorithms are confusing
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] impl guidelines for signature counter
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] Fix Android attestation
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Closed: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] impl guidelines for signature counter
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] Sign counter alg 507
- [w3c/webauthn] 14c273: fix proper subset tweak (#542)
- [webauthn] new commits pushed by rlin1
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] impl guidelines for signature counter
- [w3c/webauthn]
- [webauthn] new commits pushed by balfanz
- Re: [webauthn] fixup algs contd 3
- [w3c/webauthn] 1f096d: incorp comments from mikewest at webappsec-credent...
- [webauthn] new commits pushed by equalsJeffH
Thursday, 7 September 2017
- Re: [webauthn] Android SafetyNet Attestation lacks information on authenticator provenance
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] Make AuthenticatorSelectionCriteria more complete.
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- Re: [webauthn] Android SafetyNet Attestation lacks information on authenticator provenance
- Re: [webauthn] basicIntegrity in SafetyNet documentation not sufficiently defined
- Re: [webauthn] ctsprofilematch in SafetyNet documentation not sufficiently defined
- Re: [webauthn] Make AuthenticatorSelectionCriteria more complete.
- Re: [webauthn] PublicKeyCredentialDescriptor.id and PublicKeyCredentialEntity.id type differ
- Re: [webauthn] various issues with AppId extension
- Re: [webauthn] #createCredential step 12 incorrectly refers to a timer
- Re: [webauthn] need description & illustrations of overall flow: authnr <--> platform API <--> RP
- Re: [webauthn] #createCredential step 12 incorrectly refers to a timer
- Re: [webauthn] need description & illustrations of overall flow: authnr <--> platform API <--> RP
- Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential()
- Re: [webauthn] Authenticator selection extension needs to define snapshotting behavior
- Re: [webauthn] RawId vs Id is confusing
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context
- Re: [webauthn] "WebAuthn Authenticator model" seemingly prohibits random AAGUIDs (minor)
- Re: [webauthn] Correct uses of "JSON string" versus "DOMString" and other string terminology usage
- Re: [webauthn] Replace Authenticator Model with CTAP
- Closed: [webauthn] makeCredential should be more precise than NotAllowedError in its last step
- Re: [webauthn] makeCredential should be more precise than NotAllowedError in its last step
Wednesday, 6 September 2017
- Re: [webauthn] makeCredential should be more precise than NotAllowedError in its last step
- Re: [webauthn] UVM Extension Editorial Change
- Re: [webauthn] Refine meaning of PublicKeyCredentialType to be "signature & assertion format (and version thereof)"
- Closed: [webauthn] New research suggest using ED512 instead of ED256.
- Re: [webauthn] New research suggest using ED512 instead of ED256.
- Re: [webauthn] Consider using USVString instead of DOMString sometimes
- Closed: [webauthn] Consider using USVString instead of DOMString sometimes
- Re: [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced
- Re: [webauthn] The W3C HTML spec is broken, and probably shouldn't be referenced
- Re: fyi: client nonce security analysis
- Re: [webauthn] Authenticator selection extension - should makeCredential fail if no specified authenticator can be found?
- Re: [webauthn] Consider using USVString instead of DOMString sometimes
- Re: [webauthn] New research suggest using ED512 instead of ED256.
- Re: [webauthn] "might be present on this authenticator" could use a clearer definition
- Closed: [webauthn] "might be present on this authenticator" could use a clearer definition
- Closed: [webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are
- Re: [webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are
- Closed: [webauthn] Drop UAF references in favor of better explanation
- Re: [webauthn] Drop UAF references in favor of better explanation
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context
- Re: [webauthn] parameter lists in #createCredential and #op-make-cred do not match
- fyi: client nonce security analysis
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] It would be nice if the definition of "Scoped Credential" said something about what `identifier` and `type` are
- Re: [webauthn] Sign counter alg 507
- Closed: [webauthn] Specify what happens when the Client receives invalid CBOR
- Re: [webauthn] Specify what happens when the Client receives invalid CBOR
- Closed: [webauthn] authenticatorGetAssertion showing selection UI for external authenticators
- Re: [webauthn] authenticatorGetAssertion showing selection UI for external authenticators
- Re: [webauthn] Drop UAF references in favor of better explanation
- Re: [webauthn] FIDO U2F Attestation Statement Format doesn't say what to do with AAGUID
- Re: [webauthn] Sign counter alg 507
- Accessibility Questions from APA
- Re: [webauthn] Sign counter alg 507
- 09/06/2017 W3C Web Authentication WG Meeting Agenda
- Re: [webauthn] remove "required" on ScopedCredentialDescriptor.id
- Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential()
- Re: [webauthn] Make create() and get() abortable
- Re: [webauthn] Make create() and get() abortable
- Re: [webauthn] Make create() and get() abortable
- Re: [webauthn] Make create() and get() abortable
Tuesday, 5 September 2017
- Closed: [webauthn] Consider allowing authenticators to randomise signed hashes.
- Re: [webauthn] Consider allowing authenticators to randomise signed hashes.
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] restrict WebAuthentication API to only top level browsing context
- Re: [webauthn] Consider allowing authenticators to randomise signed hashes.
- Re: [webauthn] Sign counter alg 507
- Re: [webauthn] musings wrt webauthn's profile of COSE_Key
- Re: [webauthn] Sign counter alg 507
Monday, 4 September 2017
- Re: [webauthn] musings wrt webauthn's profile of COSE_Key
- Re: [webauthn] change "credential public key" to "user public key"
- Re: [webauthn] Consider requiring canonical CBOR throughout
- Re: [webauthn] Sign counter alg 507
Sunday, 3 September 2017
- Re: [webauthn] Consider allowing authenticators to randomise signed hashes.
- Re: [webauthn] Sign counter alg 507
- [webauthn] musings wrt webauthn's profile of COSE_Key
Saturday, 2 September 2017
- Re: [webauthn] rename "attestation data" to be "attested credential"
- Re: [webauthn] Consider allowing authenticators to randomise signed hashes.
- Re: [webauthn] FIDO U2F Attestation Statement Format doesn't say what to do with AAGUID
- Re: [webauthn] Not necessary to pass AuthenticatorSelectionCriteria members to authenticatorMakeCredential()
- Re: [webauthn] change "credential public key" to "user public key"
Friday, 1 September 2017
- [w3c/webauthn] 515acc: Built by Travis-CI: 14c2733ca6a4a9568e4c48fef1b870...
- [webauthn] new commits pushed by WebAuthnBot
- Re: [webauthn] Must returned extensions be mathematically proper subsets of requested extensions?
- Closed: [webauthn] Must returned extensions be mathematically proper subsets of requested extensions?
- [w3c/webauthn] 14c273: fix proper subset tweak (#542)
- [webauthn] new commits pushed by AngeloKai
- Re: [webauthn] Remove "proper subset" from extension algorithm
- Re: [webauthn] Must returned extensions be mathematically proper subsets of requested extensions?