Re: [webauthn] Why does WebAuthn require a challenge when asking the client to register a new credential? (#1355)

@emlun can you clarify
> The challenge does have some value for the other attestation statement formats, though.

Is the server generated random challenge only used for "Android Key Attestation Statement Format" and "FIDO U2F Attestation Statement Format" as 
```
sha256({
    type: str
    challenge: str
    origin: str
    crossorigin: bool
})
```
?

-- 
GitHub Notification of comment by boogerlad
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1355#issuecomment-953490094 using your GitHub account
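
The client-data check and hash the question refers to, as an added example that is not part of the original comment or of the WebAuthn project's code: a relying party compares the `challenge` in `clientDataJSON` with the one it issued, then computes SHA-256 over the raw `clientDataJSON` bytes. The origin, the challenge bytes and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding clientDataJSON uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_client_data(challenge: bytes, origin: str) -> bytes:
    """Constructed stand-in for what a browser serialises during registration."""
    return json.dumps({
        "type": "webauthn.create",
        "challenge": b64url(challenge),
        "origin": origin,
        "crossOrigin": False,
    }, separators=(",", ":")).encode("utf-8")


def verify_client_data(client_data_json: bytes, issued_challenge: bytes,
                       expected_origin: str) -> bytes:
    """Validate a registration clientDataJSON and return its SHA-256 hash."""
    data = json.loads(client_data_json.decode("utf-8"))
    if data.get("type") != "webauthn.create":
        raise ValueError("unexpected type")
    got = str(data.get("challenge", "")).encode("utf-8")
    # Constant-time comparison against the challenge this server issued.
    if not hmac.compare_digest(got, b64url(issued_challenge).encode("ascii")):
        raise ValueError("challenge mismatch")
    if data.get("origin") != expected_origin:
        raise ValueError("origin mismatch")
    # Hash the exact bytes received; re-serialising the parsed JSON could
    # change key order or whitespace and yield a different digest.
    return hashlib.sha256(client_data_json).digest()


if __name__ == "__main__":
    origin = "https://rp.example"    # constructed relying-party origin
    challenge = bytes(range(32))     # constructed; a real RP would use os.urandom(32)
    blob = make_client_data(challenge, origin)
    print(verify_client_data(blob, challenge, origin).hex())
    try:
        verify_client_data(blob, bytes(32), origin)  # a challenge that was never issued
    except ValueError as exc:
        print("rejected:", exc)
```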


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 28 October 2021 04:21:22 UTC