[webauthn] new commits pushed by equalsJeffH from =JeffH via GitHub on 2018-02-06 (public-webauthn@w3.org from February 2018)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 06 Feb 2018 00:34:15 +0000
To: public-webauthn@w3.org
Message-ID: <push-4f1a3ba8339824dc0491274393bebe3c142676f6-1517877254-sysbot+gh@w3.org>

The following commits were just pushed by equalsJeffH to https://github.com/w3c/webauthn:

* Describe how authenticators unique and find credential sources. (#623)

* Define Public Key Credential Source and Credential ID.

This also redefines "Public Key Credential" to be the thing presented to the RP,
as a willful violation of RFC4949.

Credential ID is defined to explicitly include the possibility that it's the
encrypted Credential Source.

* Link "credential ID".

* Allow hashes as credential IDs.

* Describe how authenticators unique and find credential sources.

This happens to fix a maybe-bug where the authenticator didn't check that a
decrypted credential ID came from the right RP.

It's also much more precise about the distinction between a credential
descriptor and a credential or credential source.

* finish merge-from-master and fixup dangling internal crossrefs

* restore masthead

* restore clientDataHash rather than tbsHash in U2F attstn format

* fixing rendering issue

* fixup merge-from-master loose ends by hand

* fix var ignore issue

* address emlun's comments, thx!

* catch straggler from emlun's comments, mea culpa

* ignore a var make bikeshed happier

* move op-lookup-credsource-by-credid alg to new subsection

* dont need ignore no more
  by Jeffrey Yasskin
https://github.com/w3c/webauthn/commit/4f1a3ba8339824dc0491274393bebe3c142676f6

Received on Tuesday, 6 February 2018 00:35:11 UTC