Re: [webauthn] Clarification of valid rpIdHash value requested in section 7 when using AppID extension from Adam Langley via GitHub on 2018-08-09 (public-webauthn@w3.org from August 2018)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Thu, 09 Aug 2018 20:21:20 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-411884522-1533846079-sysbot+gh@w3.org>

> Is it always a fair assumption that an RP knows the credential was previously created with the U2F API?

I think so? If an RP is coming to webauthn afresh then it need never bother with U2F or AppIDs. Otherwise it previously used the U2F API and thus all existing credentials are U2F credentials and it can record the provenance of new credentials from that point onwards.

But I'll make up a change (in the extension section) noting that the RP ID hash will be an AppID hash if the AppID was used.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/980#issuecomment-411884522 using your GitHub account

Received on Thursday, 9 August 2018 20:21:22 UTC