W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2018

Re: [webauthn] AttestationResponse vs AssertionResponse

From: Arnar Birgisson via GitHub <sysbot+gh@w3.org>
Date: Wed, 28 Mar 2018 14:18:35 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-376903543-1522246714-sysbot+gh@w3.org>
Even without blinding, clients must parse and rewrite attestation objects because authenticators return CBOR maps with integer keys, which are defined in CTAP but not allowed by WebAuthn, and thus would not be understood by an RP.

https://github.com/fido-alliance/fido-2-specs/issues/501

-- 
GitHub Notification of comment by arnar
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/854#issuecomment-376903543 using your GitHub account
Received on Wednesday, 28 March 2018 14:18:40 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:31 UTC