Re: [webauthn] Variable reference issue in DPK processing rules (#1817) from Adam Langley via GitHub on 2022-10-18 (public-webauthn@w3.org from October 2022)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Tue, 18 Oct 2022 23:11:31 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1283115800-1666134689-sysbot+gh@w3.org>

>  If it's an exact copy in the authenticatorOutput unsigned client extension, then shouldn't part of the verification be making sure these are the same value?
> is there any particular reason a redundant copy of the authenticator extension information also appears in the client extension output?

As a pattern, authenticator outputs are duplicated into the client outputs. Mike Jones has always insisted on it.

I don't believe that we have instructions for verifying the concordance of extension outputs elsewhere, thus we don't here either. I don't mind either way.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1817#issuecomment-1283115800 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 18 October 2022 23:11:33 UTC