See also: IRC log
<jfontana> test
scribenick jeffh
tony: pls reg for tpac. webauthn is thur, webappsec is mon & tue
https://www.w3.org/2017/11/TPAC/#registration
tony: WD07 Open PR #498 ?
<Rolf> wait for @domenic to review
<kpaulh> I'm here with Christiaan
<jfontana> Tony : 539 which is Rolf's
rolf: describes how sig counter
ought to be handled by RP
... suggests further polishing that could be done
<jfontana> rolf: not ready to be merged, needs one more round. I will clean up
rolf: this is not ready to be merged, needs another round of editing and reviewing. review lines 2521 & before. changes after that are not stable as yet
<Rolf> decision to be made: where to handle U2F compatibility (1) in WebAuthn spec or (2) in CTAP spec. At this time my notes reflect (1). But (2) will likely be better.
jeffh: all the issues I'm assigned to are "on the stack" - several will be closed by pr #498, then need to just do the others
<jcj_moz> jcj_moz: 507 probably covered by PR 539
<jcj_moz> jcj_moz: I need to still review it
<Rolf> PR 539 is intended to cover issue #507.
tony: issue #292
<Rolf> PR 539 is intended to cover 125 as well
jeffh: that's part of the "cancel" hairball...
angelo: yes, am working on that...
angelo: yes, there's a way to do this in whatwg specs but there's a couple aspects of this am trying to figure out....
<jfontana> Tony: ....we have #316
<jfontana> jeffH part of the cancel hairball
s/another ?/ #316, another?/
<jfontana> tony: #453....suppose to go ahead and close this one; on Rolf's suggestion
rolf entered a comment on it yesterday: https://github.com/w3c/webauthn/issues/453#issuecomment-325582425
jyasskin: ok, so discussion in PR #539 supersedes the discussion in this issue. all decisions are getting made in #539.
angelo: yes, we did discuss this
but it doesnt seem to be in notes anywhere.
... suggests we can close this.
jyasskin: there is probably a subtle difference in the order things get checked, some chance for error msg refering to incorrect dict member, so it would be a little cleaner to mark as 'required' in IDL dictionary, but it is not big deal.
gmandyam: wonders about usefulness of the RP displayname....
<gmandyam> displayName cannot be definitively matched to ID by the user agent, so what is the point of it?
angelo: believes we have adequately discussed this, will add comment to issue, and will close this
gmandyam: for RP to provide friendly name in addition to RP ID (hostname) on display controlled by authenticator, if any
jyasskin: AGL is arguing that the
sig counter is a priv leak. some authnrs will not support it
cuz it reqs root. suggests the sig counter could just be a
random field as long as RPs know to ignore it.
... rolf suggests that if we want authnr-supplied nonce, should
have sep field rather than repurpose this counter field. if
want RP to ignore this field, simply make all zero.
rolf: have lots of authnrs
already fielded that support sig counter. sig counter is
effective clone detection for RPs.. there is a way to protect
against the priv leak by maintaining sig cntr per RP.
... good reasons to create nonce on every createCred
... if attacker can control the to-be-signed data, can then aid
a diff pwr analysis attack -- there's a paper about this
... if authnr adds random # to tbs data, it fouls up the diff
pwr analysis.
... for registration, it is the attestation key at risk, for
getAssn, its the user public key at risk
gmandyam: argues that there is some way for RP to figure out if the sig cntr is being used as counter or a nonce
rolf: argues that there is not a
backwards compatibility issue because fielded authnrs are
largely un-patchable, and we "are free" to add an authnr nonce
field to webauthn/CTAP2 authnrs
... we can add the nonce to the end of the
authenticatorData.
jyasskin: need to verify that adding the nonce actually fixes the sec problem, the issue being whether it is added to the beginning or end of authnrData
rolf: notes that we cant add it to the very begining because it would break the bkwards compat with U2F
jyasskin: subtopic per AGL: sign counter issue
rolf: <missed it>
jyasskin: thinks AGL not convinced by Rolf's argument
gmandyam: <questions aspects of usefulness of sign cntr>
rolf: <explains how cloned-detection alg works based on the sign cntr>
gmandyam: <again questions value of sign cntr and the alg for detecting cloning>
cbrand: is the sign cntr worth
the potential priv leak?
... at this point, yes, goog will continue to use the sign
cntr
... ie if the authnr supports it, we will factor it in
issue https://github.com/w3c/webauthn/issues/199
<gmandyam> Sign. counter that increments across RP
<gmandyam> Sign. counter that increments across RP
tony: that is for Level 2 for now -- if folks disagree they can push back
<gmandyam> Sign. counter that increments across RP's can be used to mask a cloned authenticator from a given RP. RP A could detect sign. counter increment that occurred due to RP B assertion, even though sig counter did not increment for RP A's assertion
<gmandyam> Sign. counter is only one indication of authenticator cloning, and a weak one at best
angelo and jcj_moz yes, this is a concern and we need to discuss
internationalization checklist and self-review thereof
jyasskin: thinks the issues here are for user-visible text items. the implication that we might need to add fields for text direction et al, but such additions would be (largely) bkwards compatible, except for things that are sent to the authnr.... this needs someone to sit down and analyze the spec
<weiler> New charter is out for AC review. Please have AC reps approve it.
<weiler> trackbot, end meeting
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/read/review/ Succeeded: s/507/issue #507/ FAILED: s/another ?/ #316, another?/ Succeeded: s/changes/notes/ Default Present: Rolf, jeffh, gmandyam, jcj_moz, weiler, WD, AkshayKumar, battre, Ibrahim, jfontana, angelo, kpaulh, Christiaan, nadalin Present: Rolf jeffh gmandyam jcj_moz weiler WD AkshayKumar battre Ibrahim jfontana angelo kpaulh Christiaan nadalin WD07 No ScribeNick specified. Guessing ScribeNick: jeffh Inferring Scribes: jeffh Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0250.html Found Date: 30 Aug 2017 Guessing minutes URL: http://www.w3.org/2017/08/30-webauthn-minutes.html People with action items:[End of scribe.perl diagnostic output]