[webauthn] TokenBindingId value doesn't permit the U2F "unsued" from kpaulh via GitHub on 2018-02-12 (public-webauthn@w3.org from February 2018)

From: kpaulh via GitHub <sysbot+gh@w3.org>
Date: Mon, 12 Feb 2018 22:52:26 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-296553478-1518475945-sysbot+gh@w3.org>

kpaulh has just created a new issue for https://github.com/w3c/webauthn:

== TokenBindingId value doesn't permit the U2F "unsued" ==
Currently the WebAuthn spec and the TokenBinding spec define how tokenBindingId looks in WebAuthn clientData. This does not allow for a sentinel value that indicates "client supports token binding, but did not use it because server claimed no support". This value was called "unused" in U2F.

I'm sorry this went unnoticed until now.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/798 using your GitHub account

Received on Monday, 12 February 2018 22:57:30 UTC