Re: [webauthn] Split RP ops "Registering a new credential" into one with and one without attestation (#1710) from Arnaud Dagnelies via GitHub on 2022-03-29 (public-webauthn@w3.org from March 2022)

From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
Date: Tue, 29 Mar 2022 16:34:19 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1082103801-1648571658-sysbot+gh@w3.org>

Ah, that's what I have been missing I guess. The signature included in the `attStmt` object is not using the public/private key pair, but is signed using the authenticator's certificate... that makes sense. That is the big puzzle piece I missed. Thanks for enlightning me.

`

-- 
GitHub Notification of comment by dagnelies
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1710#issuecomment-1082103801 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 29 March 2022 16:35:34 UTC