- From: Matthew Miller via GitHub <noreply@w3.org>
- Date: Wed, 27 Aug 2025 22:19:04 +0000
- To: public-webauthn@w3.org
The following commits were just pushed by MasterKale to https://github.com/w3c/webauthn:
* Handle Bikeshed 5.0.3
Using macros inside of autolinks previously worked only accidentally; I made it work *explicitly* in Bikeshed 5.0. I've since walked back that decision, and put it behind a pref in 5.0.3.
by Tab Atkins Jr.
https://github.com/w3c/webauthn/commit/89ba883b4bd2c7d39b6c9d82f59252af5bd1cd86
* Merge pull request #2254 from tabatkins/patch-1
Handle Bikeshed 5.0.3
by Emil Lundberg
https://github.com/w3c/webauthn/commit/f616b28268a0552939fb6fd897cec43338dca928
* Fix test vectors heading levels
These were subsections of "Attestation trust root certificate", which does not
seem appropriate.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/559de50ec9386fff5e24937176877a507d3fa4ac
* chore: Fix issue template contact links
The previous PR didn't seem to apply. Attempting to add "about" key to fix it
by Tim Cappalli
https://github.com/w3c/webauthn/commit/7eff864f21644d6bbb94601e67b2b3e115d84947
* Merge pull request #2264 from w3c/timcappalli-patch-2
by Tim Cappalli
https://github.com/w3c/webauthn/commit/ebffdfd38600698091bf35cb1c4f2c70bd66695c
* chore: try 3 for fixing the issue template
thank you GH for not natively validating yaml 😭
by Tim Cappalli
https://github.com/w3c/webauthn/commit/d7a03d4b8ba5a71736c464f17aaece86c1dda9f0
* Merge pull request #2265 from w3c/timcappalli-patch-3
chore: try 3 for fixing the issue template
by Tim Cappalli
https://github.com/w3c/webauthn/commit/8a061d748ccfda66c5ad2c1c5c595068a2123ae2
* Merge pull request #2261 from w3c/test-vectors-heading-level
Fix test vectors heading levels
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e461bfa2f41a48a69fa343897294ea436c5eda59
* Remove outdated notes about permissions policy
by Matthew Miller
https://github.com/w3c/webauthn/commit/425cfab3414c99856f7ba69d17b33e0536b10f64
* #2269 Fix JavaScript sample code snippets
by Kosuke Koiwai (aka.) 小岩井 航介
https://github.com/w3c/webauthn/commit/6d3fe7ca3a68ed393ebaa48b7e558d732c32ee92
* Fix PublicKeyCredentialDescriptor attribute name
Fixes the PublicKeyCredentialDescriptor attribute name to read `type` instead of `id`
by Joost van Dijk
https://github.com/w3c/webauthn/commit/7ad66141a7708712fa53c48f13644d0f5a707cbd
* w3c#2269 another fix of JavaScript sample code snippets
Made EdDSA to the top priority
Deleted the normative change in line 1825
by Kosuke Koiwai (aka.) 小岩井 航介
https://github.com/w3c/webauthn/commit/0c7395c930a4ec03b7f0a59f319a2dbf1d06fd27
* Merge pull request #2267 from w3c/mm/2251-remove-permissions-policy-notes
Remove outdated notes about permissions policy on `isUVPAA()` and `getCC()`
by Matthew Miller
https://github.com/w3c/webauthn/commit/76e670657c0e0a1af7371d5a65b817ecd52ba86a
* Fix spelling in README.md
While reading through the README I found a few mistakes.
Please let me know if this is inappropriate and you may close this.
by Jonathan Underwood
https://github.com/w3c/webauthn/commit/c49105eac06f84b1ff6b7e5b2e517c7e5a2d9b26
* Merge pull request #2273 from joostd/patch-1
Fix PublicKeyCredentialDescriptor attribute name
by Nick Steele
https://github.com/w3c/webauthn/commit/01fb6f54bb6e03874e73d69a5d51e31e965136b8
* Merge pull request #2274 from junderw/patch-1
Fix spelling in README.md
by Michael B. Jones
https://github.com/w3c/webauthn/commit/1e0f5e032a901818d9989950acfb4888860f4211
* Merge pull request #2271 from kkoiwai/patch-1
#2269 Fix JavaScript sample code snippets
by Matthew Miller
https://github.com/w3c/webauthn/commit/ea670c37bcf3c3ba966eaec9e329c881a1b31b6f
* Fix number of PRFs in AuthenticationExtensionsPRFOutputs.enabled description
by Emil Lundberg
https://github.com/w3c/webauthn/commit/cddb53a43fe05de222596e05e9e010504bad4ba3
* Merge pull request #2277 from w3c/prf-enabled-fix-description
Fix number of PRFs in AuthenticationExtensionsPRFOutputs.enabled description
by Michael B. Jones
https://github.com/w3c/webauthn/commit/1745d5f3a1842ed11a3c01da05cf9d83575d501f
* Fix lint: unambiguous ref 'allowed to use'
Fixes this Bikeshed lint:
```
LINE 4469:1: Multiple possible 'allowed to use' dfn refs.
Arbitrarily chose https://html.spec.whatwg.org/multipage/iframe-embed-object.html#allowed-to-use
To auto-select one of the following refs, insert one of these lines into a <pre class=link-defaults> block:
spec:html; type:dfn; text:allowed to use
spec:private-aggregation-api; type:dfn; text:allowed to use
[=allowed to use=]
LINE 4471:65: Multiple possible 'allowed to use' dfn refs.
Arbitrarily chose https://html.spec.whatwg.org/multipage/iframe-embed-object.html#allowed-to-use
To auto-select one of the following refs, insert one of these lines into a <pre class=link-defaults> block:
spec:html; type:dfn; text:allowed to use
spec:private-aggregation-api; type:dfn; text:allowed to use
[=allowed to use=]
```
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d99912f4abe750483c97a52290b970b194137a11
* Fix lint: Undefined ref PublicKeyCredential/CollectFromCredentialStore
Fixes this Bikeshed lint:
```
LINE 2258:27: No 'idl' refs found for '[[CollectFromCredentialStore]]()' with for='['PublicKeyCredential']'.
{{PublicKeyCredential/[[CollectFromCredentialStore]]()}}
```
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4655be08e69b3ed22eb435b1b537db06aaee0049
* Merge pull request #2279 from w3c/bikeshed-lint
Fix Bikeshed lint
by Emil Lundberg
https://github.com/w3c/webauthn/commit/43b55de14af82585342977f8533ec6284aca8a2d
* Add script for generating PRF test vectors
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e5cbfe352b55ae56ec514420017b227e70e8306a
* Fix mistake in description of how hmac-secret inputs were generated
by Emil Lundberg
https://github.com/w3c/webauthn/commit/946490376a44df546c6745f2d17d5dbe5aa3089c
* Use initially claimed values for hmac-secret input generation
by Emil Lundberg
https://github.com/w3c/webauthn/commit/87cab44efad607ee370416f4cf517eb77f28d632
* Add COSEAlgorithmIdentifier values -9 and -50 to examples and recommendations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/bf68caf4bfb63e4631c306c5c77166e6584949df
* Require that ESP256 keys MUST NOT use compressed form
by Emil Lundberg
https://github.com/w3c/webauthn/commit/22b5cc8ead19fdc5514d9fbbc3a27b1c0b8ef944
* Add JSON partial dictionaries for extensions
by Emil Lundberg
https://github.com/w3c/webauthn/commit/43972a4495d4247f4fac0257a9382b4b7dbe0087
* Merge pull request #2284 from w3c/issue-1968-extensions-json
Add JSON partial dictionaries for extensions
by Emil Lundberg
https://github.com/w3c/webauthn/commit/06dfbc8badb0249c6c002cb8788df8d4d79d8a7c
* Add uncompressed form requirement for ESP384 and ESP512
by Emil Lundberg
https://github.com/w3c/webauthn/commit/928c6684a87c0a1e1efc7c0506009fac3e9a1b76
* Add script used to generate test vectors
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c867cf24871a13c3619c1d2d0c87062771f463c3
* Include file name in END GENERATED CONTENT tag
by Emil Lundberg
https://github.com/w3c/webauthn/commit/4ad98b617720ad9e2f0863df8d8890877e1f88f0
* Add script for injecting generated test vectors into index.bs
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d51a7ad1327a3a6f5649f0b3c63953b922c251a2
* Add and prefer fully-specified COSE algorithm identifers in test vectors
by Emil Lundberg
https://github.com/w3c/webauthn/commit/a4575b3f039d932a2f6168e025ea6cba08684a55
* Add Ed448 test vectors
by Emil Lundberg
https://github.com/w3c/webauthn/commit/48f24023b2a37f5fd63fc774f6ae3019bd7bd2cc
* Check that test vectors are up to date in GitHub Actions workflow
by Emil Lundberg
https://github.com/w3c/webauthn/commit/00542a65b4da5ace4aaf3d3c281a75ae4fe82e36
* Use same attestation alg as credential alg in self attestation test vector
by Emil Lundberg
https://github.com/w3c/webauthn/commit/865c94ac3581a98a46402e0cfe4bbf70b5465a9b
* Use ESP256 instead of ES256 as attestation alg in test vectors
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b4d412c2c36e715dd709aabf0d2540fda04b3de1
* Add to list of new features since L2
by Matthew Miller
https://github.com/w3c/webauthn/commit/b56d7e9e758f41caeaaa9be9f0c1a7b58fa0fec8
* Incorporate feedback
by Matthew Miller
https://github.com/w3c/webauthn/commit/9037c7330d945cb980edabf2e3a76dc2ee70f7a2
* Merge pull request #2289 from w3c/gen-test-vectors
Add scripts used to generate test vectors
by Emil Lundberg
https://github.com/w3c/webauthn/commit/86e50a933516932288e81c50e7bfde5c59188abc
* Merge branch 'main' into issue-2282-fully-spec-algs
by Emil Lundberg
https://github.com/w3c/webauthn/commit/8cffb7acae1e88f558db6ef7cb4de46a2191565f
* Merge pull request #2290 from w3c/test-vectors-fully-spec-algs
Add and prefer fully-specified COSE algorithm identifers in test vectors
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c47f7e94e313f7ebff61ea0e0bce751c3a99cd7c
* Update test vectors to draft 12 of COSE fully-specified algs
ESP384, ESP512, Ed25519 and Ed448 values were changed in draft 12 due
to conflict with those values assigned to ML-DSA:
https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-12.html#name-fully-specified-digital-sig
by Emil Lundberg
https://github.com/w3c/webauthn/commit/9187c326e508b69ad27dc9873bcd8fe2b052c50c
* Update to match draft 12 of draft-ietf-jose-fully-specified-algorithms
ESP384, ESP512, Ed25519 and Ed448 values were changed in draft 12 due to
conflict with those values assigned to ML-DSA:
https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-12.html#name-fully-specified-digital-sig
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c129a055c23e97b01caf513aa130a48d3904afe2
* Update test-vectors fido2 dependency to official version
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ab50d193bd7b50bb4fb07092a750e5364d127ddf
* Revert preferring new COSE identifiers in examples and test vectors
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3bde13862e16d0e8ec6a9a19be3360a483e2d519
* Rename Ed25519 test vector section anchor and seed to EdDSA
To reflect that the COSEAlgorithmIdentifier used in this test vector is in fact
`EdDSA (-8)`, not the recently registered `Ed25519 (-19)`.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1882f7ff6d01f4894e58747d7a46f88cdb0e5ba5
* Merge pull request #2292 from w3c/mm/2268-add-attestationformats-changes-since-L2
Add `attestationFormats` to the list of new features since L2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/ca16c48e8b68c183eb80f2602a95063b6e76ae5c
* Revert adding new COSE algs to recommendations and examples
by Emil Lundberg
https://github.com/w3c/webauthn/commit/1c88e2926458008b92213a2e39a307b9b0c682df
* Recommend against ESP* and Ed25519 COSEAlgorithmIdentifiers
by Emil Lundberg
https://github.com/w3c/webauthn/commit/472e8d0bc6cbf4f09e69fc0561c4199e3fe3a630
* Merge pull request #2283 from w3c/issue-2282-fully-spec-algs
Account for new fully-specified ECDSA and Ed448 COSEAlgorithmIdentifiers
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3bcf9d52f1541aecfe050c6bdc41ed30e4f5dcba
* Clarify relationship between PRF and hmac-secret extensions
by Emil Lundberg
https://github.com/w3c/webauthn/commit/5e38d659f2334b88f299e6b0ba4652789100cc32
* Generalize prf processing steps for non-CTAP implementations
by Emil Lundberg
https://github.com/w3c/webauthn/commit/88426f7b2bd4f3d7340ee6393fcdebd3a544a371
* Fix typo in PRF extension introduction
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3f98b01f252c110a5a6bc0e373739a31634834a6
* Require non-CTAP PRF to be independent of UV
by Emil Lundberg
https://github.com/w3c/webauthn/commit/bfcbed21adeb8e6432b533c500c42d498d9611b8
* Drop redundant collision resistance qualifier from abstract PRF procedure
by Emil Lundberg
https://github.com/w3c/webauthn/commit/6ba2237d3ba9d8c299efa46838bb4c03286f6b85
* Add change history since Level 3 Working Draft 2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c71ec5625db2228879235f78d15ed9f769e7e340
* Add missing period to uvm document history item
by Emil Lundberg
https://github.com/w3c/webauthn/commit/17d5b9f8e8bc93bf3f58abefe3aa054d14beccc2
* Merge pull request #2301 from w3c/history-since-l3-wd2
Add change history since Level 3 Working Draft 2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/3e3cfc31a68acc1ef3d54e7ae7bf6c9f96f18e82
* Fix PRF registration inputs referencing eval instead of salt1 and salt2
by Emil Lundberg
https://github.com/w3c/webauthn/commit/e75c208cae67809bb91b50f8cf1d8495a5a01a28
* Fix COSEAlgorithmIdentifier in section 5.4
by Lennart Kloock
https://github.com/w3c/webauthn/commit/b29a599e056363fdad7e0eeb7206f0b9701ca580
* Consistently refer to COSE IDs as "int (name)" instead of "name (int)"
by Emil Lundberg
https://github.com/w3c/webauthn/commit/c8490b1ed61a65e10825dcbecc8bc08017dd863a
* Merge pull request #2305 from w3c/cose-id-formatting
Consistently refer to COSE IDs as "int (name)" instead of "name (int)"
by Michael B. Jones
https://github.com/w3c/webauthn/commit/4e2f45c51ae0d02c192c7853d56efc0e230e78ef
* Merge pull request #2304 from lennartkloock/fix-cose-alg-identifier
Fix COSEAlgorithmIdentifier in section 5.4
by Michael B. Jones
https://github.com/w3c/webauthn/commit/c591bcbe690f8e4b32cf7017d0368ae1244a2c76
* Merge pull request #2298 from w3c/issue-2285-clarify-prf-hmac-secret
Generalize PRF extension processing to non-CTAP authenticators
by Pascoe
https://github.com/w3c/webauthn/commit/a61ad90d7b225e0bb7e17b6f29dea3635391466b
* Deprecate in-field language/direction metadata
See discussions in:
- https://github.com/w3c/webauthn/pull/2280
- https://github.com/w3c/webauthn/issues/1643#issuecomment-2985299304
by Emil Lundberg
https://github.com/w3c/webauthn/commit/b063a8723395de369769034b302d003434e4b8bf
* Fix typo
Pointed out in:
https://github.com/w3c/webauthn/issues/2295#issuecomment-3054350895
by Emil Lundberg
https://github.com/w3c/webauthn/commit/899089f19d2650b9f356360de2c8066bba15d623
* Merge pull request #2311 from w3c/typo
Fix typo
by Emil Lundberg
https://github.com/w3c/webauthn/commit/96cc62b627f0b17114931e1bbc546f376f372c5d
* Add note that DER lengths vary with INTEGER magnitude and curve size
by Emil Lundberg
https://github.com/w3c/webauthn/commit/d7ff4e555875885952254458c9dae4c7da4c7671
* Change DER signature example to include INTEGERs of different lengths
Example copied from test vectors "ES256 Credential with very long credential ID"
whose signature happens to have components of different lengths.
by Emil Lundberg
https://github.com/w3c/webauthn/commit/00160d514a7dd412ceb77400702a98d0d97b43e3
* Change DER signature example to include long and short INTEGERs
by Emil Lundberg
https://github.com/w3c/webauthn/commit/81514c74078ede304139ff95c0430984058950bc
* Merge pull request #2315 from w3c/issue-2314-der-example
Clarify that DER lengths vary with INTEGER magnitude and curve size
by Matthew Miller
https://github.com/w3c/webauthn/commit/cc8c1e1936b619c91d97dc609073584d0ba0e41a
* Merge pull request #2308 from w3c/issue-1643-drop-in-field-meta-2
Deprecate in-field language/direction metadata
by Nick Steele
https://github.com/w3c/webauthn/commit/1147dcca0892af7a7cc1ebd756e851230139aae8
* Merge branch 'main' into mm/#2257-add-rp-id-credential-record
by Matthew Miller
https://github.com/w3c/webauthn/commit/6e3c6a7aabdfdff9b9823b9c7cddf3bdc8ce17a8
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 27 August 2025 22:19:05 UTC