I don't think any change is necessary. The combination of step 12: >Perform CBOR decoding on the _attestationObject_ field [...] to obtain [...] the authenticator data _authData_ and step 16: >the "alg" parameter in the credential public key in _authData_ seems pretty unambiguous to me. We also don't have detailed steps for in which order the RP should parse all the parts of the attestation object, and I don't think we should. Although I will agree that the name "_attested_ credential data" for the sub-datastructure is a bit unfortunate, since it doesn't really have much to do with attestation. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1555#issuecomment-772813206 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Wednesday, 3 February 2021 20:49:19 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:42 UTC