W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2018

Re: [webauthn] Clarification of valid rpIdHash value requested in section 7 when using AppID extension

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Thu, 09 Aug 2018 20:21:20 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-411884522-1533846079-sysbot+gh@w3.org>
> Is it always a fair assumption that an RP knows the credential was previously created with the U2F API?

I think so? If an RP is coming to webauthn afresh then it need never bother with U2F or AppIDs. Otherwise it previously used the U2F API and thus all existing credentials are U2F credentials and it can record the provenance of new credentials from that point onwards.

But I'll make up a change (in the extension section) noting that the RP ID hash will be an AppID hash if the AppID was used.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/980#issuecomment-411884522 using your GitHub account
Received on Thursday, 9 August 2018 20:21:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:54 UTC