W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2021

Re: [webauthn] User verification policy leads to ambiguous usage situations. (#1510)

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Thu, 21 Jan 2021 04:19:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-764254690-1611202781-sysbot+gh@w3.org>
> The specification does not make it clear which properties of a webauthn challenge/response are signed and verifiable, and which are not, which leads to ambiguity and a belief in properties of webauthn that may not hold.

Step 20 of the verification procedure does make this clear. 

-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1510#issuecomment-764254690 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 21 January 2021 04:19:46 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:40 UTC