Address most of @equalsJeffH's review comments
emlun committed Jan 17, 2018
1 parent 301aa02 commit 780a818
Showing 1 changed file with 18 additions and 18 deletions.
36 changes: 18 additions & 18 deletions index.bs
@@ -2714,19 +2714,19 @@ When registering a new credential, represented by a {{AuthenticatorAttestationRe
1. Perform JSON deserialization on <code>|response|.{{AuthenticatorResponse/clientDataJSON}}</code> to extract the [=client data=]
|C| claimed as collected during the credential creation.

1. Verify that the {{CollectedClientData/type}} in |C| is the string `webauthn.create`.
1. Verify that the value of <code>|C|.{{CollectedClientData/type}}</code> is `webauthn.create`.

1. Verify that the {{CollectedClientData/challenge}} in |C| matches the challenge that was sent to the authenticator in the
{{CredentialsContainer/create()}} call.
1. Verify that the value of <code>|C|.{{CollectedClientData/challenge}}</code> matches the challenge that was sent to the
authenticator in the {{CredentialsContainer/create()}} call.

1. Verify that the {{CollectedClientData/origin}} in |C| matches the [=[RP]=]'s [=origin=].
1. Verify that the value of <code>|C|.{{CollectedClientData/origin}}</code> matches the [=[RP]=]'s [=origin=].

1. Verify that the {{CollectedClientData/tokenBindingId}} in |C| matches the [=Token Binding ID=] for the TLS connection over
which the attestation was obtained.
1. Verify that the value of <code>|C|.{{CollectedClientData/tokenBindingId}}</code> matches the [=Token Binding ID=] for the TLS
connection over which the attestation was obtained.

1. Verify that the {{CollectedClientData/clientExtensions}} in |C| is a subset of the extensions requested by the RP
and that the {{CollectedClientData/authenticatorExtensions}} in |C| is also a subset of the extensions requested by
the RP.
1. Verify that the value of <code>|C|.{{CollectedClientData/clientExtensions}}</code> is a subset of the extensions requested by
the RP and that the value of <code>|C|.{{CollectedClientData/authenticatorExtensions}}</code> is also a subset of the
extensions requested by the RP.

1. Compute the hash of <code>|response|.{{AuthenticatorResponse/clientDataJSON}}</code> using SHA-256.
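
Review bot: The rewritten tokenBindingId step in this registration procedure requires the value to match the TLS connection's Token Binding ID unconditionally, while the matching step in the assertion procedure in the same commit carries "(if present)". If the member is optional, as the assertion wording implies, a Relying Party following the registration text literally would reject a registration whose client data has no tokenBindingId; either add "(if present)" here or state what the RP must do when the member is absent. Separately, the extensions step still writes a plain "the RP" twice where the origin step above it uses the linked [=[RP]=], so this would be a good moment to link both occurrences.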

@@ -2799,19 +2799,19 @@ When verifying a given {{PublicKeyCredential}} structure (|credential|) as part

1. Perform JSON deserialization on |cData| to extract the [=client data=] |C| used for the signature.

1. Verify that the {{CollectedClientData/type}} in |C| is the string `webauthn.get`.
1. Verify that the value of <code>|C|.{{CollectedClientData/type}}</code> is the string `webauthn.get`.

1. Verify that the {{CollectedClientData/challenge}} member of |C| matches the challenge that was sent to the authenticator in
the {{PublicKeyCredentialRequestOptions}} passed to the {{CredentialsContainer/get()}} call.
1. Verify that the value of <code>|C|.{{CollectedClientData/challenge}}</code> matches the challenge that was sent to the
authenticator in the {{PublicKeyCredentialRequestOptions}} passed to the {{CredentialsContainer/get()}} call.

1. Verify that the {{CollectedClientData/origin}} member of |C| matches the [=[RP]=]'s [=origin=].
1. Verify that the value of <code>|C|.{{CollectedClientData/origin}}</code> matches the [=[RP]=]'s [=origin=].

1. Verify that the {{CollectedClientData/tokenBindingId}} member of |C| (if present) matches the [=Token Binding ID=] for the
TLS connection over which the signature was obtained.
1. Verify that the value of <code>|C|.{{CollectedClientData/tokenBindingId}}</code> (if present) matches the [=Token Binding ID=]
for the TLS connection over which the signature was obtained.

1. Verify that the {{CollectedClientData/clientExtensions}} member of |C| is a subset of the extensions requested by the
[=[RP]=] and that the {{CollectedClientData/authenticatorExtensions}} in |C| is also a subset of the extensions
requested by the [=[RP]=].
1. Verify that the value of <code>|C|.{{CollectedClientData/clientExtensions}}</code> is a subset of the extensions requested by
the [=[RP]=] and that the value of <code>|C|.{{CollectedClientData/authenticatorExtensions}}</code> is also a subset of the
extensions requested by the [=[RP]=].

1. Verify that the <code>[=rpIdHash=]</code> in |aData| is the SHA-256 hash of the [=RP ID=] expected by the [=[RP]=].
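
Review bot: The new type step here keeps "is the string `webauthn.get`", while the registration counterpart in this same commit was changed to "is `webauthn.create`" with "the string" dropped; the two procedures should use one phrasing so readers do not infer a different comparison rule for each. The challenge and origin steps also say only "matches" without saying how the values are compared (for example exact string equality on the deserialized member), which is worth spelling out in steps a Relying Party depends on to reject replayed or cross-origin responses.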
