W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2019

Re: [webauthn] Why does WebAuthn require a challenge when asking the client to register a new credential? (#1355)

From: Nick Meyer via GitHub <sysbot+gh@w3.org>
Date: Tue, 17 Dec 2019 15:45:35 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-566598536-1576597533-sysbot+gh@w3.org>
I suspect for the same reason you almost universally have to enter an OTP code to verify registration of a new TOTP token -- to validate that you actually have the correct key and can make the signature.

-- 
GitHub Notification of comment by e3b0c442
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1355#issuecomment-566598536 using your GitHub account
Received on Tuesday, 17 December 2019 15:45:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:09 UTC