W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2020

Re: [webauthn] Clarify How Client Data is Sent to Authenticator (#1443)

From: Nesuma via GitHub <sysbot+gh@w3.org>
Date: Fri, 19 Jun 2020 11:11:46 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-646578748-1592565104-sysbot+gh@w3.org>
There are also the subsections where it's not clear yet imo:

- [5.2.1](https://w3c.github.io/webauthn/#iface-authenticatorattestationresponse), here it even says `The exact JSON serialization MUST be preserved, as the hash of the serialized client data has been computed over it.` which doesn't make sense if only the hash is transmitted anyway
- [5.2.2](https://w3c.github.io/webauthn/#iface-authenticatorassertionresponse), same  

Wouldn't it be useful to rename this field to `clientDataJSONHash`or something similar in a future draft?

While looking through the spec I just noticed another anomaly with `clientDataJSON`. In [5.1.3](https://w3c.github.io/webauthn/#sctn-createCredential) and [5.1.4](https://w3c.github.io/webauthn/#sctn-getAssertion) during the creation of `credentialCreationData` and `assertionCreationData` it uses `clientDataJSON.clientExtensions` but `clientExtensions` are never a part of `clientDataJSON` as far as I can tell.

Is it ok if I use issues for questions with the specification like this or should I use the mailing list?

-- 
GitHub Notification of comment by Nesuma
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1443#issuecomment-646578748 using your GitHub account
Received on Friday, 19 June 2020 11:11:47 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:38 UTC