- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Tue, 06 Nov 2018 15:42:18 +0000
- To: public-webauthn@w3.org
@watahani We don't want to publish the crypto details just yet - I don't think we'll keep it secret, but we also don't want to risk people starting to use it before we've had it vetted by external cryptography experts.

You're right that the `id` in that response is similar to a WebAuthn credential ID. The public key would be derived from the "public key seed" and a random nonce, and the `id` would be derived from the public key in such a way that the recovery authenticator can reconstruct the private key from the `id` (again, we're not publishing the details just yet). The main authenticator doesn't need to store anything except for the "public key seed" - both the `id` and the `publicKey` would be stored by the Relying Party.

--
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/931#issuecomment-436298435 using your GitHub account
Received on Tuesday, 6 November 2018 15:42:19 UTC