Monday, 30 April 2018
- [webauthn] Return the employed AuthenticatorTransport when creating a new credential
- Re: [webauthn] Include an AuthenticatorTransport when creating a new credential.
- Re: [webauthn] Include an AuthenticatorTransport when creating a new credential.
- Re: [webauthn] Add example of new device enrollment via roaming authenticator
- Re: [webauthn] WIP: Authenticator taxonomy
- Closed: [webauthn] Does it require a JavaScript library?
- Re: [webauthn] Does it require a JavaScript library?
- [webauthn] Pull Request: Fixed example with incorrect allowCredential. Improved existing examples
- Re: [webauthn] Fixed incorrect field size that makes all letters to overlap each other
- [webauthn] Pull Request: Fixed incorrect field size that makes all letters to overlap each other
- Re: [webauthn] Does it require a JavaScript library?
Sunday, 29 April 2018
- Re: [webauthn] Include an AuthenticatorTransport when creating a new credential.
- Re: [webauthn] Include an AuthenticatorTransport when creating a new credential.
- [webauthn] Does it require a JavaScript library?
Friday, 27 April 2018
Thursday, 26 April 2018
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- Re: WebEx issue today
Wednesday, 25 April 2018
- Re: [webauthn] Propose procedure for adding to attestation/extension registry
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- Re: WebEx issue today
- RE: WebEx issue today
- WebEx issue today
- Re: [webauthn] What is the point of `allowCredentials`?
- Re: [webauthn] What is the point of `allowCredentials`?
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- Re: [webauthn] Delete per RP ID Signature counters
- Re: [webauthn] Delete per RP ID Signature counters
- Re: [webauthn] Include an AuthenticatorTransport when creating a new credential.
- Web Authentication Working Group Teleconference 25 Apr 2018
- Re: [webauthn] Delete per RP ID Signature counters
- Re: [webauthn] Delete per RP ID Signature counters
- Re: [webauthn] Delete per RP ID Signature counters
- Re: [webauthn] Delete per RP ID Signature counters
- Re: [webauthn] Include an AuthenticatorTransport when creating a new credential.
- Re: [webauthn] Include an AuthenticatorTransport when creating a new credential.
- [webauthn] The RS1 IANA COSE Algorithm registration doesn't match the value in the spec
- Re: [webauthn] Clarify U2F attestation verification
- Re: [webauthn] Clarify U2F attestation verification
- Re: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: [webauthn] What is the point of `allowCredentials`?
- RE: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- RE: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- RE: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- RE: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: [webauthn] Include an AuthenticatorTransport when creating a new credential.
- Re: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: 04/25/2018 W3C Web Authentication WG Meeting Agenda
- Re: [webauthn] Clarify U2F attestation verification
- [w3c/webauthn] 63c71d: Add example of new device enrollment via roaming a...
- [webauthn] Pull Request: Add example of new device enrollment via roaming authenticator
- [webauthn] new commits pushed by emlun
- [w3c/webauthn] ccfd83: Add example of new device enrollment via roaming a...
- [webauthn] new commits pushed by emlun
- [w3c/webauthn] 88bb9a: Extract section 6.1.2. FIDO U2F signature format c...
- [webauthn] new commits pushed by emlun
- [webauthn] Pull Request: Clean up cross-spec refs in PR #861
- 04/25/2018 W3C Web Authentication WG Meeting Agenda
- [w3c/webauthn] 0bc2ee: Extract cross-spec ref for RFC8152 Secion 7
- [webauthn] new commits pushed by emlun
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
Tuesday, 24 April 2018
- [webauthn] Pull Request: Include an AuthenticatorTransport when creating a new credential.
- [w3c/webauthn] e36ee7: Clarify that authentication use case example requi...
- Re: [webauthn] NULL or DOMException
- [webauthn] new commits pushed by emlun
- [webauthn] new commits pushed by emlun
- [webauthn] Pull Request: Clarify that authentication use case example requires pairing the phone first
- [w3c/webauthn] 65e393: Clarify that authentication use case example requi...
- Re: [webauthn] Delete per RP ID Signature counters
- Re: [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication
- Re: [webauthn] Delete per RP ID Signature counters
- Re: [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication
- Re: [webauthn] Delete per RP ID Signature counters
- [webauthn] Pull Request: Change "with string-valued keys" to "whose keys are strings"
- [w3c/webauthn] 2c97d4: "with string-valued keys" => "whose keys are strin...
- [webauthn] new commits pushed by emlun
- [w3c/webauthn]
- [w3c/webauthn] 425afc: Address @equalsJeffH's review comments
- [webauthn] new commits pushed by emlun
- Re: [webauthn] Tighten security scope by port
- Re: [webauthn] Tighten security scope by port
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- Re: [webauthn] What is the point of `allowCredentials`?
- Re: [webauthn] Privacy across OS accounts
Monday, 23 April 2018
- Re: [IANA #1050064] General Request for Assignment (cose)
- [webauthn] Use |authData| instead of |aData| and |adata| in RP assertion verification operation
- [w3c/webauthn] 2dabcf: Fix |authData| -> |aData|
- [webauthn] new commits pushed by emlun
- Re: [webauthn] Add RP conformance section on ignoring attestation
- [webauthn] Pull Request: Fix #593 - Refer to RFC 8266 for RP-controlled UI strings
- [w3c/webauthn]
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
Friday, 20 April 2018
- Re: [webauthn] NULL or DOMException
- [webauthn] NULL or DOMException
- Re: [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication
- Re: [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication
- Re: FW: [IANA #1050064] General Request for Assignment (cose)
- Re: FW: [IANA #1050064] General Request for Assignment (cose)
- FW: [IANA #1050064] General Request for Assignment (cose)
- Re: [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication
Thursday, 19 April 2018
- Re: [webauthn] undefined terms
- Re: [webauthn] Privacy across OS accounts
- Re: [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication
- [webauthn] cleanup: interstital blank line
- Re: [webauthn] Tighten security scope by port
- Re: [webauthn] What is the point of `allowCredentials`?
- Re: [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication
- Re: [webauthn] Tighten security scope by port
- Re: [webauthn] Description of CollectedClientData is outdated
- Re: [webauthn] Description of CollectedClientData is outdated
- Re: [webauthn] Tighten security scope by port
Wednesday, 18 April 2018
- Re: [webauthn] Tighten security scope by port
- Re: [webauthn] Description of CollectedClientData is outdated
- Re: [webauthn] Description of CollectedClientData is outdated
- Re: [webauthn] Eliminate duplicate terminology
- Re: [webauthn] Eliminate duplicate terminology
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- [webauthn] Clarify examples: 1.1.1. Registration / 1.1.2. Authentication
- [webauthn] Tighten security scope by port
Tuesday, 17 April 2018
Monday, 16 April 2018
- Re: [webauthn] Add missing description of PublicKeyCredentialDescriptor.transports
- [w3c/webauthn] aabdf8: Built by Travis-CI: b9af923897efecaf2f85558748ee3f...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] b9af92: Add recommendation of challenge length (#858)
- [webauthn] Merged Pull Request: Add recommendation of challenge length
- Closed: [webauthn] assertionChallenge recommendations
- [webauthn] new commits pushed by equalsJeffH
- [w3c/webauthn] dc46ca: Built by Travis-CI: 263fe9357f6c335b4d491605dc67d0...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] 241a56: UVI modification with CDDL
- Closed: [webauthn] Clarify byte size requirements for UVI
- Re: [webauthn] Clarify byte size requirements for UVI
- [webauthn] new commits pushed by gmandyam
- [webauthn] Merged Pull Request: UVI modification with CDDL
- [w3c/webauthn] f14f12: Obfuscate Safetynet nonce (#869)
- [webauthn] Merged Pull Request: Obfuscate Safetynet nonce
- [webauthn] new commits pushed by leshi
- Closed: [webauthn] Obfuscate Safetynet nonce
- Re: [webauthn] UVI modification with CDDL
- Re: [webauthn] Add RP conformance section on ignoring attestation
- 04/18/2018 W3C Web Authentication WG Meeting Agenda -CANCELLED
Sunday, 15 April 2018
Friday, 13 April 2018
- PR #849 reviewed
- Re: [webauthn] Fix #848: Weirdness in RP UP verification
- [w3c/webauthn] e49263: draft-jones-webauthn-cose-algorithms
- [webauthn] new commits pushed by equalsJeffH
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- Re: [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- Re: [webauthn] What is the point of `allowCredentials`?
- [webauthn] Description of CollectedClientData is outdated
Thursday, 12 April 2018
- PR #829 reviewed
- [w3c/webauthn] 37e89f: Obfuscate Safetynet nonce
- [w3c/webauthn] 7a484d: Built by Travis-CI: 2a23a11ceb500b594324085338a0fe...
- [webauthn] Pull Request: Obfuscate Safetynet nonce
- [webauthn] new commits pushed by leshi
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] 2a23a1: Revert "Obfuscate Safetynet nonce"
- [webauthn] new commits pushed by leshi
- [w3c/webauthn] f76b22: Built by Travis-CI: 7c94792da69919fb1e7bef88954a68...
- [webauthn] new commits pushed by WebAuthnBot
- [w3c/webauthn] 7c9479: Obfuscate Safetynet nonce
- [webauthn] new commits pushed by leshi
- Closed: [webauthn] Obfuscate Safetynet nonce
- [w3c/webauthn] 610048: Obfuscate Safetynet nonce
- [webauthn] new commits pushed by leshi
- Re: [webauthn] Obfuscate Safetynet nonce
- [webauthn] Obfuscate Safetynet nonce
- Re: [webauthn] Clarify U2F attestation verification
- Re: [webauthn] Clarify U2F attestation verification
- Re: [webauthn] What is the point of `allowCredentials`?
- [webauthn] What is the point of `allowCredentials`?
Wednesday, 11 April 2018
- Re: [webauthn] AttestationResponse vs AssertionResponse
- Re: [webauthn] UVI modification with CDDL
- Re: [webauthn] UVI modification with CDDL
- Re: [webauthn] UVI modification with CDDL
- Re: [webauthn] UVI modification with CDDL
- [w3c/webauthn] f234d4: Fix grammar
- Re: [webauthn] Add missing description of PublicKeyCredentialDescriptor.transports
- [webauthn] new commits pushed by emlun
- Re: [webauthn] Propose procedure for adding to attestation/extension registry
- Re: [webauthn] Clarify how a user can authenticate from multiple devices
- Re: [webauthn] Silent/touchless Authn? clarification of bit 0 in AuthenticatorData
- Re: [webauthn] Add missing description of PublicKeyCredentialDescriptor.transports
- Re: [webauthn] Add recommendation of challenge length
- [w3c/webauthn] b14932: Built by Travis-CI: 6d5aa3e58d23a710b8756289c63bc0...
- [webauthn] new commits pushed by WebAuthnBot
- Re: [webauthn] Clarify the U2F Attestation format to have a single certificate
- [w3c/webauthn] 6d5aa3: Address review comments by @kieun (#832)
- [webauthn] new commits pushed by equalsJeffH
- [webauthn] Merged Pull Request: Address review comments by @kieun
- [w3c/webauthn] 8f8a59: Built by Travis-CI: b84d9cb9dd1fb80ac000de0bf3e92e...
- [webauthn] new commits pushed by WebAuthnBot
- Re: [webauthn] UVI modification with CDDL
- [w3c/webauthn] b84d9c: Emphasise that the CollectedClientData can be exte...
- [webauthn] new commits pushed by equalsJeffH
- [webauthn] Merged Pull Request: Emphasise that the CollectedClientData can be extended.
- Re: [webauthn] Portability of private keys
- Closed: [webauthn] Portability of private keys
- Re: [webauthn] Portability of private keys
- Closed: [webauthn] CTAP alignment: Authenticator ops UP option
- Re: [webauthn] CTAP alignment: Authenticator ops UP option
- Closed: [webauthn] AttestationResponse vs AssertionResponse
- Re: [webauthn] AttestationResponse vs AssertionResponse
- [webauthn] Closed Pull Request: Allow client to refuse too short challenges
- Re: [webauthn] Address review comments by @kieun
- Re: [webauthn] Portability of private keys
- Re: [webauthn] Portability of private keys
- 04/11/2018 W3C Web Authentication WG Meeting Agenda
- Re: [webauthn] Portability of private keys
- [webauthn] Grammar error in Sec 13.1
- Re: [webauthn] Portability of private keys
- Re: [webauthn] Portability of private keys
- [webauthn] Portability of private keys
Tuesday, 10 April 2018
- [webauthn] CTAP-speaking authenticators use integer-valued CBOR map keys
- Press Release: FIDO Alliance and W3C Achieve Major Standards Milestone in Global Effort Towards Simpler, Stronger Authentication on the Web
Friday, 6 April 2018
- [webauthn] Authenticators that do not recognize any handles shouldn't just be dropped on the floor
- Re: Recovering from Device Loss in WebAuthn
Wednesday, 4 April 2018
- Re: [webauthn] Fix #848: Weirdness in RP UP verification
- Re: [webauthn] CTAP alignment: Authenticator ops UP option
- Re: [webauthn] Fix #848: Weirdness in RP UP verification
- Re: [webauthn] Fix #848: Weirdness in RP UP verification
- [webauthn] CTAP alignment: Authenticator ops UP option
- Re: [webauthn] Fix #848: Weirdness in RP UP verification
- [w3c/webauthn] a46247: Always verify UP bit in RP ops
- [webauthn] new commits pushed by emlun
- Re: [webauthn] Allow client to refuse too short challenges
- Meeting Canceled Re: 04/04/2018 W3C Web Authentication WG Meeting Agenda
- Re: [webauthn] Allow client to refuse too short challenges
- Re: [webauthn] Allow client to refuse too short challenges
- Re: [webauthn] UVI modification with CDDL
- [w3c/webauthn] 68d8cb: Fix reference to U2F user public key format
- [webauthn] new commits pushed by emlun
- [webauthn] Pull Request: Clarify U2F attestation verification instructions
- [w3c/webauthn] cb84e0: Fix reference to U2F user public key format
- [webauthn] new commits pushed by emlun
- Re: [webauthn] Clarify U2F attestation verification
- [webauthn] Pull Request: Add missing description of PublicKeyCredentialDescriptor.transports
- [webauthn] new commits pushed by emlun
- [w3c/webauthn] e2c124: Add missing description of PublicKeyCredentialDesc...
- [webauthn] Pull Request: Allow client to refuse too short challenges
- [webauthn] Pull Request: Add recommendation of challenge length
- 04/04/2018 W3C Web Authentication WG Meeting Agenda
- [w3c/webauthn] c0fc95: Add link to security consideration from makeCreden...
- [webauthn] new commits pushed by emlun
- [w3c/webauthn] 60146e: Add recommendation of minimum challenge length
- [webauthn] new commits pushed by emlun
- Re: [webauthn] assertionChallenge recommendations
Tuesday, 3 April 2018
Monday, 2 April 2018
- [w3c/webauthn] 387f4a: Built by Travis-CI: 98ff314ae403b84863add51fd81768...
- [webauthn] new commits pushed by WebAuthnBot
- [webauthn] Merged Pull Request: fix 855: add link to CR
- [webauthn] new commits pushed by jcjones
- Closed: [webauthn] Add CR link to the editor's draft
- [w3c/webauthn]
- [w3c/webauthn] 98ff31: fix-855-add-link-to-CR (#856)