Re: [webauthn] Clarify How Client Data is Sent to Authenticator (#1443)

There are also the subsections where it's not clear yet imo:

- [5.2.1](, here it even says `The exact JSON serialization MUST be preserved, as the hash of the serialized client data has been computed over it.` which doesn't make sense if only the hash is transmitted anyway
- [5.2.2](, same  

Wouldn't it be useful to rename this field to `clientDataJSONHash`or something similar in a future draft?

While looking through the spec I just noticed another anomaly with `clientDataJSON`. In [5.1.3]( and [5.1.4]( during the creation of `credentialCreationData` and `assertionCreationData` it uses `clientDataJSON.clientExtensions` but `clientExtensions` are never a part of `clientDataJSON` as far as I can tell.

Is it ok if I use issues for questions with the specification like this or should I use the mailing list?

GitHub Notification of comment by Nesuma
Please view or discuss this issue at using your GitHub account

Received on Friday, 19 June 2020 11:11:47 UTC