- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Tue, 27 Sep 2022 17:00:55 +0000
- To: public-webauthn@w3.org
- Message-Id: <E1odDx1-005GhP-2f@uranus.w3.org>
Issues
------
* w3c/webauthn (+4/-5/💬18)
4 issues created:
- hmacCreateSecret (by dontcallmedom)
https://github.com/w3c/webauthn/issues/1809 [type:technical]
- Requirements for security of MDC, DPK and attestation (by keikoit)
https://github.com/w3c/webauthn/issues/1808 [stat:Discuss] [subtype:FeatureProposal]
- Clarity on challenge length (by sbweeden)
https://github.com/w3c/webauthn/issues/1803 [type:editorial]
- Bikeshed build failing (by sbweeden)
https://github.com/w3c/webauthn/issues/1802 [type:process]
7 issues received 18 new comments:
- #1809 hmacCreateSecret (2 by dontcallmedom, emlun)
https://github.com/w3c/webauthn/issues/1809 [type:technical]
- #1808 Requirements for security of MDC, DPK and attestation (7 by Firstyear, kkoiwai, maxhata, sbweeden, timcappalli)
https://github.com/w3c/webauthn/issues/1808 [stat:Discuss]
- #1803 Clarity on challenge length (3 by Firstyear, emlun)
https://github.com/w3c/webauthn/issues/1803
- #1799 Requirements for attestation for DPK (1 by agl)
https://github.com/w3c/webauthn/issues/1799 [stat:Discuss] [subtype:FeatureProposal]
- #1568 Support a "create or get [or replace]" credential re-association operation (2 by kevvurs, timcappalli)
https://github.com/w3c/webauthn/issues/1568 [type:technical]
- #1555 Move step 16 of Registration to between 21 and 22 (1 by emlun)
https://github.com/w3c/webauthn/issues/1555 [type:editorial]
- #1012 Determining length of `attestedCredentialData` when authenticator extensions present. (2 by FrankZhangPA, emlun)
https://github.com/w3c/webauthn/issues/1012 [type:editorial] [stat:pr-open]
5 issues closed:
- Requirements for security of MDC, DPK and attestation https://github.com/w3c/webauthn/issues/1808 [stat:Discuss]
- hmacCreateSecret https://github.com/w3c/webauthn/issues/1809 [type:technical]
- Requirements for attestation for DPK https://github.com/w3c/webauthn/issues/1799 [stat:Discuss] [subtype:FeatureProposal]
- Inconsistencies in backup state flags https://github.com/w3c/webauthn/issues/1740 [type:editorial] [stat:pr-open]
- Missing specification on rpId validations when calling credentials.get() from a different origin https://github.com/w3c/webauthn/issues/1731 [type:editorial] [stat:pr-open] [subtype:RP-impl-cons]
Pull requests
-------------
* w3c/webauthn (+4/-3/💬4)
4 pull requests submitted:
- Move state updates to last in in RP verification steps (by emlun)
https://github.com/w3c/webauthn/pull/1807 [type:editorial]
- Fix incorrect use of options variable: extract signal and mediation attributes first (by emlun)
https://github.com/w3c/webauthn/pull/1806 [type:editorial]
- Fix incorrect use of options variables in create() and get() (by emlun)
https://github.com/w3c/webauthn/pull/1805 [type:editorial]
- Replace obsolete RFC8152 with RFC9052 and RFC9053 (by emlun)
https://github.com/w3c/webauthn/pull/1804 [type:editorial] [stat:Blocking]
2 pull requests received 4 new comments:
- #1807 Move state updates to last in in RP verification steps (1 by emlun)
https://github.com/w3c/webauthn/pull/1807 [type:editorial]
- #1773 Extract Credential Record abstraction (3 by emlun, timcappalli)
https://github.com/w3c/webauthn/pull/1773 [type:editorial]
3 pull requests merged:
- Extract Credential Record abstraction
https://github.com/w3c/webauthn/pull/1773 [type:editorial]
- Fix inconsistencies in backup state flags
https://github.com/w3c/webauthn/pull/1772 [type:editorial]
- Add "Code injection attacks" security consideration
https://github.com/w3c/webauthn/pull/1733 [type:editorial] [subtype:RP-impl-cons]
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webauthn
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 27 September 2022 17:00:57 UTC