Re: [webauthn] User verification policy leads to ambiguous usage situations. (#1510) from Shane Weeden via GitHub on 2021-01-21 (public-webauthn@w3.org from January 2021)

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Thu, 21 Jan 2021 04:19:42 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-764254690-1611202781-sysbot+gh@w3.org>

> The specification does not make it clear which properties of a webauthn challenge/response are signed and verifiable, and which are not, which leads to ambiguity and a belief in properties of webauthn that may not hold.

Step 20 of the verification procedure does make this clear. 

-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1510#issuecomment-764254690 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 21 January 2021 04:19:46 UTC