Re: [webauthn] Can the private keys be used for other cryptographic operations? (#1595) from Firstyear via GitHub on 2021-04-10 (public-webauthn@w3.org from April 2021)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Sat, 10 Apr 2021 23:45:38 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-817217895-1618098337-sysbot+gh@w3.org>

@rlin1 That's fine, but I think that the standard needs to not only express what it can do, but also advise on what it can not and make constructive links to things like the webcrypto api or others that are able to solve this problem. IE in the section about assertion it should clearly state that the nonce should not be used to sign arbitrary data, should reference the links you provide, and give reasons. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1595#issuecomment-817217895 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 10 April 2021 23:45:40 UTC