- From: Adam Langley <noreply@github.com>
- Date: Mon, 29 Jun 2020 14:19:50 -0700
- To: public-webauthn@w3.org
Branch: refs/heads/prf
Home: https://github.com/w3c/webauthn

Commit: 46a5c20d273bd69b71071ff384036592bddd61c5
https://github.com/w3c/webauthn/commit/46a5c20d273bd69b71071ff384036592bddd61c5
Author: Adam Langley <agl@imperialviolet.org>
Date: 2020-05-25 (Mon, 25 May 2020)

Changed paths:
  M index.bs

Log Message:
-----------
PRF extension.

Some applications such as password managers have requested the ability to associate a symmetric key with a credential. The CTAP2 `hmac-secret` extension allows something very like this, and is already widely deployed.

The limitation is that it's not possible to get an HMAC output during registration because the extension only provides outputs for assertions and it requires user presence. That gave me pause and we could, instead, use the new credBlob extension. But I think the utility of being able to rotate keys, and having existing hardware support, is compelling enough and we'll have to see whether RPs can tolerate needing two touches to set up.

Commit: 84d56ffdb8ffe8322128c488ddd76ea114629918
https://github.com/w3c/webauthn/commit/84d56ffdb8ffe8322128c488ddd76ea114629918
Author: Adam Langley <agl@imperialviolet.org>
Date: 2020-06-02 (Tue, 02 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Several updates to the PRF extension:

· Now possible to pass in a set of PRF inputs, per-credential ID, when getting an assertion.
· Inputs are now a structure rather than a list that had text specifying the valid lengths.
· Wording updated to note that some authenticators may have only a single PRF.

Commit: ff73507a81b0c053557753b0b511eb1c9c73d251
https://github.com/w3c/webauthn/commit/ff73507a81b0c053557753b0b511eb1c9c73d251
Author: Adam Langley <agl@imperialviolet.org>
Date: 2020-06-03 (Wed, 03 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Expand upon the example a little

Commit: 4484d3f606ed021166c18714e69310d677fc9cd0
https://github.com/w3c/webauthn/commit/4484d3f606ed021166c18714e69310d677fc9cd0
Author: Adam Langley <agl@google.com>
Date: 2020-06-08 (Mon, 08 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Apply emlun's suggestion

Co-authored-by: Emil Lundberg <emil@emlun.se>

Commit: ff3cf6c29c761e39454a5359aeebc25bb2516608
https://github.com/w3c/webauthn/commit/ff3cf6c29c761e39454a5359aeebc25bb2516608
Author: Adam Langley <agl@imperialviolet.org>
Date: 2020-06-08 (Mon, 08 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Address emlun's comments

Commit: 5395c0b7d387503c03e1209ac84fe1e4b5efa77b
https://github.com/w3c/webauthn/commit/5395c0b7d387503c03e1209ac84fe1e4b5efa77b
Author: Adam Langley <agl@imperialviolet.org>
Date: 2020-06-10 (Wed, 10 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Reflect emlun's comments.

· Drop the `enable` member and use presence of `prf` to enable.
· Make the inputs ArrayBuffers and merge the two dictionaries.

Commit: d4962148fc23aa7987567869a47087f4fd8e91d8
https://github.com/w3c/webauthn/commit/d4962148fc23aa7987567869a47087f4fd8e91d8
Author: Adam Langley <agl@google.com>
Date: 2020-06-13 (Sat, 13 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Apply emlun's suggestions

Co-authored-by: Emil Lundberg <emil@emlun.se>

Commit: 3cf037fccc33af27eb9701ca07fafe16f8a37f34
https://github.com/w3c/webauthn/commit/3cf037fccc33af27eb9701ca07fafe16f8a37f34
Author: Adam Langley <agl@imperialviolet.org>
Date: 2020-06-13 (Sat, 13 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Address a couple of emlun's comments

Commit: f9b09ffc891919fb5655c10294fc54fccfe7250c
https://github.com/w3c/webauthn/commit/f9b09ffc891919fb5655c10294fc54fccfe7250c
Author: Adam Langley <agl@imperialviolet.org>
Date: 2020-06-19 (Fri, 19 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Several minor updates.

The handling of userVerification by RPs needed to be updated. For example, even if they consistently specified “discouraged” for both create() and get(), if they also set requireResidentKey then Chrome, for one, will force UV during create. Thus RPs that are using a future CTAP extension to evaluate the PRFs during create will have to inspect the authenticator data to learn which PRF the output is from.

Otherwise, this tweaks some corner cases, like whether an empty extension is echoed in an assertion if no keys were recognised in the input.

Commit: 10e91362e71ab4a45fe44a2fb3b16bdaf0ea3a77
https://github.com/w3c/webauthn/commit/10e91362e71ab4a45fe44a2fb3b16bdaf0ea3a77
Author: Adam Langley <agl@google.com>
Date: 2020-06-22 (Mon, 22 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Apply suggestions from code review

Co-authored-by: Emil Lundberg <emil@emlun.se>

Commit: b26ca6622dd9b419859b08bf28917b3c76780d2c
https://github.com/w3c/webauthn/commit/b26ca6622dd9b419859b08bf28917b3c76780d2c
Author: Adam Langley <agl@imperialviolet.org>
Date: 2020-06-22 (Mon, 22 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Address emlun's comments.

Commit: b036d140629068b9982702e6bd889dc5a759ce3d
https://github.com/w3c/webauthn/commit/b036d140629068b9982702e6bd889dc5a759ce3d
Author: Adam Langley <agl@imperialviolet.org>
Date: 2020-06-29 (Mon, 29 Jun 2020)

Changed paths:
  M index.bs

Log Message:
-----------
Always echo the extension

Compare: https://github.com/w3c/webauthn/compare/46a5c20d273b%5E...b036d1406290
Received on Monday, 29 June 2020 21:20:02 UTC
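
The log message of commit f9b09ffc above says an RP has to inspect the authenticator data to learn which PRF an output came from. The sketch below is an added example, not part of this email, the commits or the WebAuthn specification: it reads the UV flag from the authenticator data header and flags the case where create() and get() ran with different user verification. It assumes an authenticator that keeps two PRFs selected by user verification; `parseAuthData`, `prfVariant`, `samePrf` and `makeAuthData` are hypothetical names and the sample bytes are constructed.

```javascript
// Added example: names below are hypothetical, not from the spec or the commits.
// Authenticator data header: rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian).
const FLAG_UP = 0x01; // user present
const FLAG_UV = 0x04; // user verified

function parseAuthData(authData) {
  const bytes = authData instanceof Uint8Array ? authData : new Uint8Array(authData);
  if (bytes.length < 37) {
    throw new RangeError("authenticator data is shorter than its 37-byte header");
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return {
    userPresent: (bytes[32] & FLAG_UP) !== 0,
    userVerified: (bytes[32] & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Assumption: the authenticator keeps two PRFs and picks one by user verification.
function prfVariant(authData) {
  return parseAuthData(authData).userVerified ? "uv" : "no-uv";
}

// True only when both ceremonies evaluated the same PRF, so that the same
// input would give the same output and a key derived from it still matches.
function samePrf(createAuthData, getAuthData) {
  return prfVariant(createAuthData) === prfVariant(getAuthData);
}

// Constructed sample bytes: zeroed rpIdHash, chosen flags and counter.
function makeAuthData(flags, signCount) {
  const bytes = new Uint8Array(37);
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

// The case from the commit message: UV was forced during create(),
// then a later get() with "discouraged" ran without UV.
const atCreate = makeAuthData(FLAG_UP | FLAG_UV, 1);
const atGet = makeAuthData(FLAG_UP, 2);
console.log(prfVariant(atCreate), prfVariant(atGet), samePrf(atCreate, atGet));
```

An RP that stores the variant next to any key derived from a PRF output can detect this mismatch before treating a later output as the same key.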