Re: [webauthn] Enterprise packed attestation guidance (#1954)

> So yeah, I would omit the second paragraph. Probably the first one too, leaving just the actual requirements. I reckon the use cases of a unique serial number are probably obvious enough.

This text exists because there is no text describing what enterprise attestations actually are (delegated to CTAP), and it is meant to be a section on requirements on what to expect/how to process these attestations. Those sorts of processing instructions aren't really provided by CTAP (which is not really describing RP behavior).

We can eliminate the first paragraph by pointing to https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#sctn-feature-descriptions-enterp-attstn

I agree the second paragraph doesn't belong in normative text and thus should be removed. Also, I would happily entertain another document where implementation guidance would be more appropriate.

> I also haven't yet seen a clear answer to [my question above](https://github.com/w3c/webauthn/pull/1954#discussion_r1311514087): is this OCTET STRING value in general an encoded integer, or just an opaque octet string with undefined internal structure?

@ve7jtb @dturnerx do you have any guidance here? The only example I have access to is an OCTET_STRING of an OCTET_STRING of a binary serial number. 

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1954#issuecomment-2221279916 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 10 July 2024 19:36:01 UTC
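Added example (not from the webauthn PR, the CTAP specification, or any of the commenters): a strict DER reader for the layout the comment describes, an OCTET STRING wrapping an OCTET STRING wrapping the binary serial number. It returns the innermost bytes unmodified so the relying party can decide how to interpret them, and puts the two candidate readings from the open question (opaque octets versus big-endian integer) side by side to show where they diverge. The extension OID, the sample bytes and the function names are assumptions made for this illustration; the page does not settle which reading is correct.

```python
# Added example, not code from the webauthn PR or the CTAP spec.
# Strict DER decoding of OCTET STRING { OCTET STRING { serial bytes } }.
# The sample encoding below is constructed, not taken from any real
# attestation certificate.

from typing import Tuple

DER_OCTET_STRING = 0x04


def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Read one DER TLV at buf[pos:]; return (tag, value, next_pos).

    DER requires definite lengths with minimal encoding, so indefinite
    lengths and non-minimal long forms are rejected rather than accepted.
    """
    if pos >= len(buf):
        raise ValueError("truncated: no tag byte")
    tag = buf[pos]
    pos += 1
    if pos >= len(buf):
        raise ValueError("truncated: no length byte")
    first = buf[pos]
    pos += 1
    if first == 0x80:
        raise ValueError("indefinite length is not DER")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported length-of-length")
        if pos + n > len(buf):
            raise ValueError("truncated: length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        # Long form is only valid when the value does not fit the short
        # form, and the first length octet must not be zero.
        if length < 0x80 or buf[pos - n] == 0:
            raise ValueError("non-minimal length encoding is not DER")
    if pos + length > len(buf):
        raise ValueError("truncated: value shorter than declared length")
    return tag, buf[pos:pos + length], pos + length


def unwrap_nested_octet_string(ext_value: bytes) -> bytes:
    """Unwrap OCTET STRING { OCTET STRING { serial } } and return the
    inner bytes exactly as encoded, with no integer interpretation."""
    tag, outer, end = read_tlv(ext_value)
    if tag != DER_OCTET_STRING:
        raise ValueError(f"expected outer OCTET STRING, got tag 0x{tag:02x}")
    if end != len(ext_value):
        raise ValueError("trailing bytes after outer OCTET STRING")
    tag, inner, end = read_tlv(outer)
    if tag != DER_OCTET_STRING:
        raise ValueError(f"expected inner OCTET STRING, got tag 0x{tag:02x}")
    if end != len(outer):
        raise ValueError("trailing bytes inside outer OCTET STRING")
    return inner


def as_integer(serial: bytes) -> int:
    """The other reading: big-endian unsigned integer. Leading zero octets
    vanish under this reading, so the two interpretations are not
    interchangeable (hypothetical helper for comparison only)."""
    return int.from_bytes(serial, "big")


# Constructed sample: 04 06 04 04 00 1A 2B 3C (inner serial = 00 1A 2B 3C)
SAMPLE_EXT_VALUE = bytes.fromhex("04060404" + "001a2b3c")

if __name__ == "__main__":
    raw = unwrap_nested_octet_string(SAMPLE_EXT_VALUE)
    print("opaque bytes:", raw.hex())        # 001a2b3c, leading zero kept
    print("as integer  :", as_integer(raw))  # 1715004
```

The point of keeping the bytes opaque until policy decides is visible in the sample: the serials 00 1A 2B 3C and 1A 2B 3C are distinct octet strings but the same integer, so an RP that dedupes or allow-lists serials gets different results depending on which reading it picks.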