Re: web-platform-tests results

On Wed, Dec 19, 2018 at 3:17 PM Adam Langley <> wrote:

> Bad pubKeyCredParams: pubKeyCredParams is empty Array
> Current Chrome fails this although it was marked as “passing”. It does
> appear that it's valid for this sequence to be empty. Thus I believe this
> is a Chrome bug.

WebAuthn and CTAP2 disagree on this point.

WebAuthn clearly thinks that an empty pubKeyCredParams is valid and
expresses no preference about the algorithm of any resulting credential
("The authenticator makes a best-effort to create the most preferred
credential that it can.")

CTAP2 says "If the pubKeyCredParams parameter does not contain a valid
COSEAlgorithmIdentifier value that is supported by the authenticator,
terminate this procedure and return error code

So I can change Chromium to accept an empty list here and for non-CTAP2
device it'll do something. But CTAP2 devices fail immediately.



Received on Thursday, 20 December 2018 00:17:46 UTC