> Can the device private key sign over just clientDataHash instead of (clientDataHash || userCredentialId)? I understand the need to "bind" the device private key to a user credential, but I was thinking the RP can just remember which user credential the device private key is associated with the first time it sees it. Signing over userCredentialId prudently yields a cryptographic binding to the user credential, strongly demonstrating the device private key had access to the userCredentialId. When verified by a RP, it will help prevent the RP being possibly snookered by, say, some form of malware-induced substitution attack (although I do not have such a worked-out attack scenario at this time). Do you anticipate or find it an implementation hardship for the device private key to sign over both clientDataHash and userCredentialId ? -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1658#issuecomment-974338933 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-configReceived on Friday, 19 November 2021 19:15:20 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:45 UTC