Re: [webauthn] Variable reference issue in DPK processing rules (#1817) from Adam Langley via GitHub on 2022-10-17 (public-webauthn@w3.org from October 2022)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Mon, 17 Oct 2022 21:06:37 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1281494779-1666040796-sysbot+gh@w3.org>

> Let attObjForDevicePublicKey be the value of the [devicePubKey](https://w3c.github.io/webauthn/#dom-authenticationextensionsclientoutputs-devicepubkey) member of clientExtensionResults.

Well, the DPK output is in clientExtensionResults too, although it's in the `authenticatorOutput` member now that the signature has been moved out of it. So I should have updated that. But one could take it from the authenticator data too. That version is signed over by the primary credential, although whether that matters to RPs who care about DPK, I'm not sure.

I'll craft a PR to mention the move to `authenticatorOutput`, but do you, as an RP, want to read it from the authData?

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1817#issuecomment-1281494779 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 17 October 2022 21:06:39 UTC