[webauthn] What's this SPEC for?

xialvjun has just created a new issue for https://github.com/w3c/webauthn:

== What's this SPEC for? ==
Is this SPEC for something like [this proposal](https://github.com/whatwg/html/issues/3337)?

1. User has a private-public key pair.
2. User visits a website.
3. User sends the public key to the website server.
4. Website server generates a random code, uses the user's public key to encrypt the random code, and sends the encrypted code to the user.
5. User uses his private key to extract the original code, and sends it to the website server.
6. Website server authenticates the user.

Is this SPEC like the above description?

Of course, a user can have many private-public key pairs, and select one when visiting a website.

And for the sake of privacy (two website accounts should not know each other), maybe it's not a private-public key pair. It's **one private key with many public keys**, a big private-public**s** key pair.

And for the sake of managing the public keys, the public keys should be generated according to the website origin rather than randomly.

Is this SPEC like this?

If not, then what's the purpose of this SPEC?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/820 using your GitHub account
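The six-step exchange the issue describes, written out as an added Go example (this is not code from the issue or from the WebAuthn project; it models the steps as the issue words them). The random code being a 32-byte nonce and the encryption being RSA-OAEP are both assumptions, since the issue names neither.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
)

// server holds the public key received in step 3 and the random code issued in step 4.
type server struct {
	pub     *rsa.PublicKey
	pending []byte
}

// Step 4: draw a fresh 32-byte random code and encrypt it to the user's public key.
// RSA-OAEP is an assumption here; the issue does not name an encryption scheme.
func (s *server) challenge() ([]byte, error) {
	s.pending = make([]byte, 32)
	if _, err := rand.Read(s.pending); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, s.pub, s.pending, nil)
}

// Step 6: constant-time exact match against the pending code, then discard it so the
// same response cannot be replayed.
func (s *server) verify(resp []byte) bool {
	ok := s.pending != nil && subtle.ConstantTimeCompare(resp, s.pending) == 1
	s.pending = nil
	return ok
}

// runProtocol performs steps 1-6 once and reports whether the server authenticated the user.
func runProtocol() bool {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // step 1: the user's key pair
	if err != nil {
		return false
	}
	srv := &server{pub: &key.PublicKey} // steps 2-3: only the public key reaches the site
	ct, err := srv.challenge()
	if err != nil {
		return false
	}
	// Step 5: the user decrypts with the private key, which never leaves the user.
	resp, err := rsa.DecryptOAEP(sha256.New(), nil, key, ct, nil)
	if err != nil {
		return false
	}
	return srv.verify(resp) // step 6
}
```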

Received on Saturday, 24 February 2018 09:39:13 UTC