W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2021

Re: [webauthn] mmiller-improve-terminology-and-progression (#1615)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Sun, 23 May 2021 23:43:53 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-846644680-1621813432-sysbot+gh@w3.org>
> > causing confusion in some of my replies to issues, discussions in WG meetings, etc...
> 
> he may have been confusing only me ;-)

No, I don't think so. When I started, the specification was very confusing. Some other areas of confusion:

* Many items are UX hints, but are expressed with language that make them seem like requirements or policy
* 'discoverable credentials' 'resident keys' are very confusing terms which really should be "Ephemeral Key-Wrapped Keys" and "Persistent Private Key".
* Confusing terms like this, lead to even more confusing items like "storage modality" that only serve to add more confusion


Some of these have already led to CVE's in some implementations.

I think as well, there is a lot of confusion about the fact that there is clearly an intent behind "how" webauthn is intended to be used, but it's not always clear what that is. 

-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1615#issuecomment-846644680 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Sunday, 23 May 2021 23:43:57 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC