W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

[webauthn] clarify generation of rpIdHash

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Jun 2018 22:49:29 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-329652051-1528238968-sysbot+gh@w3.org>
equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== clarify generation of rpIdHash  ==
In tracing through the spec, it was difficult to ascertain who creates `authenticatorData.rpIdHash` and when.  

The phrase "SHA-256 hash of the RP ID" is used in [§ 6.1. Authenticator data](https://www.w3.org/TR/webauthn/#sec-authenticator-data) (in the table only), and in the [Relying Party Operations](https://www.w3.org/TR/webauthn/#rp-operations) sections, but not in the authenticatorMakeCredential / authenticatorGetAssertion operations.  

The latter simply say "Let |authenticatorData| be the byte array specified in §6.1 Authenticator data...", and the latter section does not have a clearly defined alg subsection, so it is just sort of implicit that when one says "Let |authenticatorData| be the byte array..." that there's clearly defined work to do, and think we oughta clarify the work to do and delineate it (these would be "easy" editorial cleanups me thinks)

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/932 using your GitHub account
Received on Tuesday, 5 June 2018 22:49:31 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC