[webauthn] Misleading key order in attestation object diagram (#1274) from Emil Lundberg via GitHub on 2019-08-12 (public-webauthn@w3.org from August 2019)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 12 Aug 2019 10:35:20 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-479575323-1565606118-sysbot+gh@w3.org>

emlun has just created a new issue for https://github.com/w3c/webauthn:

== Misleading key order in attestation object diagram ==
The [attestation object][attobj] diagram lists the CBOR map keys in the order: `authData`, `fmt`, `attStmt`, but WebAuthn [requires CBOR to be canonically encoded][canon]. This means that clients MUST encode the attestation object with the key order: `fmt`, `attStmt`, `authData`.

We should perhaps update the diagram to reflect the actual key order, or at least mention this in a note along with the diagram.

See also: https://github.com/brave/brave-ios/issues/1365

[attobj]: https://w3c.github.io/webauthn/#attestation-object
[canon]: https://w3c.github.io/webauthn/#sctn-conforming-all-classes

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1274 using your GitHub account

Received on Monday, 12 August 2019 10:35:21 UTC