W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

Re: [webauthn] Fix #848: Weirdness in RP UP verification

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Apr 2018 17:34:47 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-378682805-1522863286-sysbot+gh@w3.org>
This conversation https://github.com/w3c/webauthn/pull/849#discussion_r179211553 also drew my attention to how recent CTAP drafts no longer have the `requireUserPresence` option in the [`authenticatorMakeCredential`][amc] operation, and have clearly specified when to set UP in [`authenticatorGetAssertion`][aga]. Our versions of the operations could use updating to agree with CTAP here, which also simplifies the logic in them. I'll open a separate issue for that.

[amc]: https://w3c.github.io/webauthn/#op-make-cred
[aga]: https://w3c.github.io/webauthn/#op-get-assertion

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/849#issuecomment-378682805 using your GitHub account
Received on Wednesday, 4 April 2018 17:34:56 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC