- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 29 Aug 2018 19:25:31 +0000
- To: public-webauthn@w3.org
agl has just closed agl's pull request 882 for https://github.com/w3c/webauthn:
== Include an AuthenticatorTransport when creating a new credential. ==
FIDO U2F found it neccessary to wedge the authenticator transport in an
X.509 extension of the attestation certificate in order to communicate
this information to the RP.
In Webauthn, we currently note that it's possible that an RP might learn
this information from the attestation, but now have several kinds of
attesattion and it seems dumb to define ways to wedge this information
in each.
Instead, have the client include the transport in the
AuthenticatorAttestationResponse. Also, define another transport type
for cases where a non-standard protocol is used to communicate with a
platform authenticator.
Since interface attributes cannot be optional, this technically defines a
breaking change, although I don't believe that it will break anything in
practice. Still, this could also be punted to an extension if we wished.
However, given that U2F found it to be central, I've gone this route.
fixes #889
fixes #851
<!--
This comment and the below content is programatically generated.
You may add a comma-separated list of anchors you'd like a
direct link to below (e.g. #idl-serializers, #idl-sequence):
Don't remove this comment or modify anything below this line.
If you don't want a preview generated for this pull request,
just replace the whole of this comment's content by "no preview"
and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/agl/webauthn/pull/882.html" title="Last updated on May 2, 2018, 10:56 PM GMT (e08a41f)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/882/c880ab9...agl:e08a41f.html" title="Last updated on May 2, 2018, 10:56 PM GMT (e08a41f)">Diff</a>
See https://github.com/w3c/webauthn/pull/882
Received on Wednesday, 29 August 2018 19:25:33 UTC