- From: Petr Dvořák via GitHub <sysbot+gh@w3.org>
- Date: Mon, 11 Mar 2024 09:45:34 +0000
- To: public-webauthn@w3.org
Maybe one more comment from my side after extensive reading on this subject (apologies, but I am fascinated that a challenge-response protocol does not allow sending the challenge to the authenticator in plain form, or at least augment it with custom data). From what I understood, one of the reasons why web browser vendors did not implement `txAuthSimple` extension was that they did not want to display data provided by the relying party (web page) in the browser UI. We can live without this - no need to display anything. This is why we added a display to our authenticator. The user can only see the challenge data / associated data in the authenticator - we are OK with this. We just need a way to sneak structured data to the authenticator. I still think the best way to do this is not to destroy the challenge object by hashing it, but having an extension that works the best effort is enough. -- GitHub Notification of comment by petrdvorak Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2020#issuecomment-1987999302 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 11 March 2024 09:45:35 UTC