Re: [webauthn] FIDO U2F Attestation Statement Format needs to clarify that user handle will be empty from Emil Lundberg via GitHub on 2018-01-12 (public-webauthn@w3.org from January 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 12 Jan 2018 18:29:47 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-357317394-1515781786-sysbot+gh@w3.org>

I'd like to note that with #730 merged, the need is lesser than it was at the time of my previous comment. [`AuthenticatorAssertionResponse.userHandle`][uh] is now nullable, so it's no longer weird that "the user handle is required, except when it isn't"; and both authenticator and client algorithms now specify excplicitly when to return null for the user handle ([§5.1.4.1 step 18.3][uhnull], [§6.2.1][amc] step 7.4, [§6.2.2][aga] step 13 point 4).

[uh]: https://w3c.github.io/webauthn/#dom-authenticatorassertionresponse-userhandle
[uhnull]: https://w3c.github.io/webauthn/#ref-for-dom-authenticatorassertionresponse-userhandle%E2%91%A0
[amc]: https://w3c.github.io/webauthn/#op-make-cred
[aga]: https://w3c.github.io/webauthn/#op-get-assertion

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/715#issuecomment-357317394 using your GitHub account

Received on Friday, 12 January 2018 18:29:50 UTC