Re: [webauthn] Fix #848: Weirdness in RP UP verification from Emil Lundberg via GitHub on 2018-04-04 (public-webauthn@w3.org from April 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Apr 2018 17:34:47 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-378682805-1522863286-sysbot+gh@w3.org>

This conversation https://github.com/w3c/webauthn/pull/849#discussion_r179211553 also drew my attention to how recent CTAP drafts no longer have the `requireUserPresence` option in the [`authenticatorMakeCredential`][amc] operation, and have clearly specified when to set UP in [`authenticatorGetAssertion`][aga]. Our versions of the operations could use updating to agree with CTAP here, which also simplifies the logic in them. I'll open a separate issue for that.

[amc]: https://w3c.github.io/webauthn/#op-make-cred
[aga]: https://w3c.github.io/webauthn/#op-get-assertion

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/849#issuecomment-378682805 using your GitHub account

Received on Wednesday, 4 April 2018 17:34:56 UTC