Re: [webauthn] Why does WebAuthn require a challenge when asking the client to register a new credential? (#1355) from Johnny via GitHub on 2019-12-17 (public-webauthn@w3.org from December 2019)

From: Johnny via GitHub <sysbot+gh@w3.org>
Date: Tue, 17 Dec 2019 17:14:45 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-566659596-1576602884-sysbot+gh@w3.org>

But then why is a challenge needed? Couldn't the client just sign the `clientDataJSON.type` and the `clientDataJSON.origin` and that would prove ownership of the correct key?

-- 
GitHub Notification of comment by johnnyodonnell
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1355#issuecomment-566659596 using your GitHub account

Received on Tuesday, 17 December 2019 17:14:47 UTC