- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 29 Aug 2018 19:25:31 +0000
- To: public-webauthn@w3.org
agl has just closed agl's pull request 882 for https://github.com/w3c/webauthn: == Include an AuthenticatorTransport when creating a new credential. == FIDO U2F found it neccessary to wedge the authenticator transport in an X.509 extension of the attestation certificate in order to communicate this information to the RP. In Webauthn, we currently note that it's possible that an RP might learn this information from the attestation, but now have several kinds of attesattion and it seems dumb to define ways to wedge this information in each. Instead, have the client include the transport in the AuthenticatorAttestationResponse. Also, define another transport type for cases where a non-standard protocol is used to communicate with a platform authenticator. Since interface attributes cannot be optional, this technically defines a breaking change, although I don't believe that it will break anything in practice. Still, this could also be punted to an extension if we wished. However, given that U2F found it to be central, I've gone this route. fixes #889 fixes #851 <!-- This comment and the below content is programatically generated. You may add a comma-separated list of anchors you'd like a direct link to below (e.g. #idl-serializers, #idl-sequence): Don't remove this comment or modify anything below this line. If you don't want a preview generated for this pull request, just replace the whole of this comment's content by "no preview" and remove what's below. --> *** <a href="https://pr-preview.s3.amazonaws.com/agl/webauthn/pull/882.html" title="Last updated on May 2, 2018, 10:56 PM GMT (e08a41f)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/882/c880ab9...agl:e08a41f.html" title="Last updated on May 2, 2018, 10:56 PM GMT (e08a41f)">Diff</a> See https://github.com/w3c/webauthn/pull/882
Received on Wednesday, 29 August 2018 19:25:33 UTC