
[webauthn] What is the difference between origin verification at client and RP end? (#1434)

From: Tarun kumar yadav via GitHub <sysbot+gh@w3.org>
Date: Thu, 04 Jun 2020 17:06:48 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-631002814-1591290407-sysbot+gh@w3.org>
tarun14110 has just created a new issue for https://github.com/w3c/webauthn:

== What is the difference between origin verification at client and RP end? ==
According to the WebAuthn specification, the client verifies the origin of the RP. As the client has already verified the origin of the RP and sends it to the authenticator, the authenticator would use the correct credential binding. A phishing website would not be able to get credentials on someone else's behalf. So, why does the RP need to verify the relying party ID?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1434 using your GitHub account
Received on Thursday, 4 June 2020 17:06:50 UTC
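
The RP-side checks the question asks about, sketched as an added example that is not part of the original message or of the specification text: the RP re-checks the client-reported `origin` in `clientDataJSON` and the `rpIdHash` in the authenticator data, because it cannot assume the client that produced the response was honest or was talking to this RP. `EXPECTED_RP_ID`, `EXPECTED_ORIGIN` and both function names are assumptions, the sample data is constructed, and signature verification over `authenticatorData || SHA-256(clientDataJSON)` is a separate step not shown here.

```python
import base64
import hashlib
import json
import struct

# Assumed RP configuration (hypothetical values for this example).
EXPECTED_RP_ID = "example.com"
EXPECTED_ORIGIN = "https://login.example.com"


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding used for the challenge in clientDataJSON."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def verify_assertion_binding(client_data_json: bytes, auth_data: bytes,
                             expected_challenge: bytes) -> list:
    """Return the names of failed RP-side checks (empty list: all passed)."""
    failures = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    if client_data.get("challenge") != b64url(expected_challenge):
        failures.append("challenge")
    # The origin is reported by the client; the RP compares it with its own.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # authenticatorData = rpIdHash (32) || flags (1) || signCount (4) || ...
    if len(auth_data) < 37:
        return failures + ["authData length"]
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        failures.append("rpIdHash")
    if not flags & 0x01:  # UP (user present) bit
        failures.append("userPresent")
    return failures


def make_sample(origin: str, rp_id: str, challenge: bytes):
    """Build constructed (not captured) clientDataJSON and authenticatorData."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([0x01]) + struct.pack(">I", 7))
    return client_data, auth_data
```

A response built for a different origin and RP ID fails both the `origin` and `rpIdHash` checks even when its challenge matches.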

This archive was generated by hypermail 2.4.0 : Thursday, 4 June 2020 17:06:51 UTC