Re: [webauthn] Variable reference issue in DPK processing rules (#1817) from Shane Weeden via GitHub on 2022-10-17 (public-webauthn@w3.org from October 2022)

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Mon, 17 Oct 2022 21:10:09 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1281498560-1666041008-sysbot+gh@w3.org>

As an RP, I would prefer to read it from the authenticator-attested field rather than the unsigned client extensions output. If it's an exact copy in the `authenticatorOutput` unsigned client extension, then shouldn't part of the verification be making sure these are the same value?

-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1817#issuecomment-1281498560 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 17 October 2022 21:10:11 UTC