Re: [webauthn] Authenticator data flags reserved bits must be 0 or the figures would ideally be changed (#2063) from Emil Lundberg via GitHub on 2024-04-30 (public-webauthn@w3.org from April 2024)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 30 Apr 2024 13:00:03 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2085263218-1714482001-sysbot+gh@w3.org>

It is defined under "[**Authenticators perform the following steps to generate an authenticator data structure**](https://www.w3.org/TR/webauthn-3/#authenticator-data-perform-the-following-steps-to-generate-an-authenticator-data-structure)" that:

>- The [UP](https://www.w3.org/TR/webauthn-3/#authdata-flags-up) [flag](https://www.w3.org/TR/webauthn-3/#authdata-flags) SHALL be set if and only if [...]. The RFU bits SHALL be set to zero.

However, the [RP Operations](https://www.w3.org/TR/webauthn-3/#sctn-rp-operations) procedures do not instruct to enforce that the flags be zero. Doing so would make any compliant RP implementations incompatible with future changes that allocate these flags to be used, like we have done in L3 with the BE and BS flags.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2063#issuecomment-2085263218 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 30 April 2024 13:00:04 UTC