https://github.com/w3c/webauthn/pull/1424
agl: updated as discussed, ready to land
tony: need review from JBradley
jbradley: no objections
https://github.com/w3c/webauthn/pull/1440
tony: let's come back to this
one.
... look at un-triaged PR.
jeffH: I closed it.
https://github.com/w3c/webauthn/issues/1444
tony: leave this open another week. elundberg not answering
shane: I think it is a spec
issue.
... why not close. it is a use-ability error
... I have seen this many time. UV not used properly. Almost
certainly the case.
agl: I agree.
jeffH: maybe ask on FIDO dev
nsteele: point them to the community group
https://github.com/w3c/webauthn/issues/1446
agl: this person is correct, not sure we can do anything about it
tony: not necessarily ours
agl: we have clarified this.
jbradley: not just a super simple
fix. how do curves and algorithms relate?
... there has not been demand for this.
elundberg: you can express these
in COSE
... we would have to add more parameters if we adopt it
jeffH: that is the
suggestion
... I think there are practical issues with adding too many
options.
agl: I don't see the value
akshay: can't be done with CTAP changs
jbradley: COSE would need new algorithm identifiers
agl: this would have to be level 3. Web Authn is feature locked.
tony: we can move it to L3 and
leave it open.
... people can look at it.
https://github.com/w3c/webauthn/issues/1447
agl: we might want to consider this
jcj_moz: banning these might make
sense
... compression points
tony: do this for Level 2?
jeffH: arguably this is a spec bug
https://github.com/w3c/webauthn/issues/1449
jbradley: some issue with
restricted credentials i.e not restricted
... proposal is to add extensions, say ask to have key
restricted. '
... could be used by platform and authenticator
agl: did we feature freeze
jbradley: this could be in L3. I want to track the issue.
agl: more friction
jbradley: would allow the
platform to guide user to appropriate authenticator
... appropriate credential
... the proposed add to CTAP, would be in get info
agl: does this work with current authenticators
jbradley: not a hard request.
should look at match-return
... we have lot of authenticators, hard reject would be a bad
user experience.
akshay: I don't want to check MDS
on this; are keys restricted
... what about the phone
jbradley: a hint is not effective if there is not additional info in geet info
akshay: looks lik ebig change to me
agl: this is L3
... RPs may come away with more concern; and a bad user
experience
jbradley: some may have legislation to consider.
agl: concerned RP may default to what they see as more secure bits
jbradley: allowed AAGUID list could be kind of messy, it would be a long list
akshay: maybe not a thing we want with list,
jbradley: RP supplies
... keep this issue open for L3 and see how it plays out.
... seee if people implement backing up credentials.
tony: that takes us through
un-triage; any more issue to talk about
... is selfissue on the call now?
selfissue: yes
https://github.com/w3c/webauthn/pull/1440
selfissue: the top level name has
changed
... i think the othere changse will do the job
rtony: can you look and merge if no issue
selfissue: yes
https://github.com/w3c/webauthn/issues/1105
tonhy: is there any progress
jcj-MOZ: jeffH will add, but don't hold up WD03 for it
jeffH: I went through them
all.
... they are all puntable, but I need to discuss with wider
group.
tony: lets do that now.
jcj_moz" puntable on 1105
https://github.com/w3c/webauthn/issues/1207
jeffH: puntable
https://github.com/w3c/webauthn/issues/1208
jeffH: puntable
tony: any objections? No
https://github.com/w3c/webauthn/issues/1291
elundberg: punt
tony: these things would move to wd04
https://github.com/w3c/webauthn/issues/1331
jeffH: puntable
tony: no assignee
... will anyone work on this
... punt. if no one works on it, it won't make it
https://github.com/w3c/webauthn/issues/1389
jeffH: don't hold up anything for
this
... i think we should do something here, don't know where the
time comes from
tony: mark puntable
jeffH: align with how to fido doc
https://github.com/w3c/webauthn/issues/1406
jeffH: I am working on this.
tony: hold up RD-03 for
this?
... that is WD-03
https://github.com/w3c/webauthn/issues/1421
jeffH: punt
nsteele: apple is sending in PR for privacy Ca
https://github.com/w3c/webauthn/issues/1422
jeffH: punt
tony: any issues with this
one
... no on assigned
no one assigned
https://github.com/w3c/webauthn/issues/1441
jeffH: jbradley was going to look at adding wording. but don't hold for wd0-3
jbradley: don't hold it up
https://github.com/w3c/webauthn/issues/1445
elundberg: mike was working on this
selfissue: I am creating a PR. I do not want to punt this.
tony: want to close wd-03 in a couple of weeks
https://github.com/w3c/webauthn/issues/1447
jeffH: author replied
... and language to prevent curve attacks.
tony: does it need to get into wd-03
agl: i can do this by next week.
jbradley: we should check to see where we are pointing for valid curve.
agl: we are pointing at COSE
selfissue: yes.
tony: left for wd-03 to get out
door. PR for #1406, PR for #1445. PR for #1447
... I would like to shoot for somewhere around 20th of
July
... for wd-03 draft
... any issue to shoot at July 20
... could try 21st
agl: think we can call it in two weeks
tony: any other issuse
jbradly: RPIDs may relate to
#1406
... we allow sub-domain in RPID, correct
... yse
jeffH: this is domain lowering and mapping to a domain...
jbradley: can't use sub-domian
from host you are making thee call from
... maybe we should create an issue about multi-domain
tony: adjourn
Chairs: Nadalin, Fontana
*minutes updated
This is scribe.perl Revision of Date Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Default Present: jfontana, wseltzer, Nadalin, agl, Aksay, Bill, DavidTurner, elundberg, JeffH, jcj_moz, JeremyErickson, nsteele, JohnBradley, Rae, sbweeden, Eric, selfissued Present: jfontana wseltzer Nadalin agl Aksay Bill DavidTurner elundberg JeffH jcj_moz JeremyErickson nsteele JohnBradley Rae sbweeden Eric selfissued No ScribeNick specified. Guessing ScribeNick: jfontana Inferring Scribes: jfontana WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-webauthn/2020Jul/0000.html WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]