John Bradley
John Bradley
For a normal attestation during make credential the batch key is always signing over a new public key, preventing an attacker from controlling the output. In the DPK case the...
RP currently have 4 options for requesting attestation. enum [AttestationConveyancePreference] { ["none"], ["indirect"], ["direct"], ["enterprise"] }; In general, we want a RP to be able to request any one of...
In conversations with some government RP around [national ID (aka "eID") programs](https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/identity), there seems to be a requirement that keys not be exportable or shared. That may or not be...
We have never allowed WebAuthn to non TLS origins. HSTS adds another property of prohibiting user recourse to invalid certificates. We should be using the existing token binding mechanism, but...
## Proposed Change Describe your proposed change. If you have suggested text, please file a corresponding Pull Request. The current WebAuthn text uses options enterprise to set enterpriseAttestationPossible state to...
We now have password providers. like 1Password and Dashlane that intercept Webauthn on desktop not making credentials created in them available to SPC. Over Hybrid there may be changes required...
{ "description": "Tests is user verification set to true is accepted in MakeCredential.", "error_message": "The user verification option (true) was not accepted.", "id": "make_credential_option_uv_true", "observations": [ "A prompt was expected,...
In CTAP2.1 the max pin length is 63 bytes and is padded out to 64 bytes. In CTAP2.0 "The decrypted padded newPin should be of at least 64 bytes length"...
By submitting this issue you are acknowledging that any information regarding this issue will be publicly available. If you have privacy concerns, please email [[email protected]](mailto:[email protected]) ## FIRST PRE CHECK -...
By submitting this issue you are acknowledging that any information regarding this issue will be publicly available. If you have privacy concerns, please email [[email protected]](mailto:[email protected]) ## FIRST PRE CHECK -...