W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2018

Re: web-platform-tests results

From: Adam Langley <agl@google.com>
Date: Wed, 19 Dec 2018 16:17:13 -0800
Message-ID: <CAL9PXLyuOPn5FOn_FjfLN0DFjK=iSt7Z8c=fF7zY=K=v-2CmuA@mail.gmail.com>
To: Philippe Le Hégaret <plh@w3.org>
Cc: Anthony Nadalin <tonynad@microsoft.com>, W3C Web Authn WG <public-webauthn@w3.org>
On Wed, Dec 19, 2018 at 3:17 PM Adam Langley <agl@google.com> wrote:

> Bad pubKeyCredParams: pubKeyCredParams is empty Array
> Current Chrome fails this although it was marked as “passing”. It does
> appear that it's valid for this sequence to be empty. Thus I believe this
> is a Chrome bug.

WebAuthn and CTAP2 disagree on this point.

WebAuthn clearly thinks that an empty pubKeyCredParams is valid and
expresses no preference about the algorithm of any resulting credential
("The authenticator makes a best-effort to create the most preferred
credential that it can.")

CTAP2 says "If the pubKeyCredParams parameter does not contain a valid
COSEAlgorithmIdentifier value that is supported by the authenticator,
terminate this procedure and return error code

So I can change Chromium to accept an empty list here and for non-CTAP2
device it'll do something. But CTAP2 devices fail immediately.


Received on Thursday, 20 December 2018 00:17:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:59 UTC