- From: Adam Langley via GitHub <sysbot+gh@w3.org>
- Date: Sun, 04 Feb 2018 00:38:54 +0000
- To: public-webauthn@w3.org
At the meeting I raised some concerns about the cryptography. That's a CTAP2 issue, however, and I have filed [this PR](https://github.com/fido-alliance/fido-2-specs/pull/445) to try and address that in a non-breaking way. I had thought that the `hmac-secret` extension was going to be externally defined and thus did not expect to see it in webauthn. Also, this PR references the CTAP2 spec for details of the authenticator inputs / outputs, but I didn't think that was going in CTAP2. Assuming that it is going to be specified in webauthn & CTAP2, the naming of some of the variables seems to be a little specific to a single use-case. The salts are called `salt1` and `salt2`, reasonably enough, but then I would expect the outputs to be `output1` and `output2` rather than `offlineCurrentHash` and `offlineNewHash`. -- GitHub Notification of comment by agl Please view or discuss this issue at https://github.com/w3c/webauthn/pull/772#issuecomment-362869721 using your GitHub account
Received on Sunday, 4 February 2018 00:38:56 UTC