[webauthn] Missing steps of checking pubKeyCredParams during registration step at RP server from Ki-Eun Shin via GitHub on 2018-09-10 (public-webauthn@w3.org from September 2018)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Mon, 10 Sep 2018 12:40:40 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-358604674-1536583240-sysbot+gh@w3.org>

Kieun has just created a new issue for https://github.com/w3c/webauthn:

== Missing steps of checking pubKeyCredParams during registration step at RP server ==
RP may set pubKeyCredParams for restricting the algorithm that it only supports or provide more robust authentication due to security reason.
But, there is no steps on checking and verifying such algorithm on RP server side. RP needs to check the algorithm of received credential is matched to the requested one.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1061 using your GitHub account

Received on Monday, 10 September 2018 12:40:42 UTC