[webauthn] Return public key in attestedCredentialData on authenticatorGetAssertion (#1928) from Andrew Hariri via GitHub on 2023-07-25 (public-webauthn@w3.org from July 2023)

From: Andrew Hariri via GitHub <sysbot+gh@w3.org>
Date: Tue, 25 Jul 2023 20:18:57 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1821078964-1690316334-sysbot+gh@w3.org>

hariria has just created a new issue for https://github.com/w3c/webauthn:

== Return public key in attestedCredentialData on authenticatorGetAssertion ==
## Proposed Change

I was curious why the [`attestedCredentialData`](https://www.w3.org/TR/webauthn-2/#attestedcredentialdata) in the [`authenticatorGetAssertion`](https://www.w3.org/TR/webauthn-2/#authenticatorgetassertion) never included the public key of the credential. 

It includes the credential ID, but not the public key, which is arguably much more important for verifying the signature. Is there some way to perhaps force bit `6` of the [`flags`](https://www.w3.org/TR/webauthn-2/#flags) to be true so as to require the public key to be returned in the [Attested credential data](https://www.w3.org/TR/webauthn-2/#attested-credential-data)?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1928 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 25 July 2023 20:18:59 UTC