[webauthn] What is the difference between origin verification at client and RP end? (#1434)

tarun14110 has just created a new issue for https://github.com/w3c/webauthn:

== What is the difference between origin verification at client and RP end? ==
According to the WebAuthn specification, the client verifies the origin of the RP. As the client has already verified the origin of the RP and sends it to the authenticator, the authenticator would use the correct credential binding. A phishing website would not be able to get credentials on someone else's behalf. So, why does the RP need to verify the relying party ID?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1434 using your GitHub account

Received on Thursday, 4 June 2020 17:06:50 UTC
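
The relying-party-side checks the question asks about, as an added example that is not part of the original issue: the server compares the origin in clientDataJSON and the rpIdHash at the start of the authenticator data against its own values instead of relying on the client's earlier check. `RP_ID`, `EXPECTED_ORIGIN`, the helper names and the sample messages are constructed assumptions, and signature verification over these bytes is left out.

```python
import base64
import hashlib
import json

RP_ID = "example.com"                    # assumption: constructed RP ID
EXPECTED_ORIGIN = "https://example.com"  # assumption: constructed RP origin


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def verify_rp_binding(client_data_json: bytes, auth_data: bytes,
                      challenge: bytes) -> list:
    """Return the names of the RP-side checks that failed (empty = pass)."""
    failed = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failed.append("type")
    if b64url_decode(client_data.get("challenge", "")) != challenge:
        failed.append("challenge")
    # Origin as reported by the client; the server compares it itself.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        failed.append("origin")
    # The first 32 bytes of authenticator data are SHA-256(RP ID).
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failed.append("rpIdHash")
    return failed


def sample_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample: clientDataJSON plus 37-byte authenticator data."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    flags, sign_count = b"\x05", (1).to_bytes(4, "big")  # UP|UV, counter 1
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + sign_count
    return client_data, auth_data


if __name__ == "__main__":
    ch = b"constructed-challenge-0001"
    print(verify_rp_binding(*sample_assertion(EXPECTED_ORIGIN, RP_ID, ch), ch))
    print(verify_rp_binding(
        *sample_assertion("https://examp1e.com", "examp1e.com", ch), ch))
```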