Re: [webauthn] AttestationResponse vs AssertionResponse

Even without blinding, clients must parse and rewrite attestation objects because authenticators return CBOR maps with integer keys, which are defined in CTAP but not allowed by WebAuthn, and thus would not be understood by an RP.

GitHub Notification of comment by arnar
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 28 March 2018 14:18:40 UTC