WebAuthn WG

05 Aug 2020


nsteele, jeffh, agl, akshay, davidwaite, davidturner, elundberg, eric, gavinshenker, jbarclay, jfontana, jiewen, johnbradley, nadalin, selfissued, nick, nina, rae, sbweeden
Nadalin, Fontana


tony: wd03 published
... wd-04 end of sept., end of oct. put out CR and Proposed by end of Dec.

jbradley: ctap2 work trying to sync with Web Authn
... was discussion in SPWG to change privacy principle.
... could impact CTAP2

tony: issues. any update on Apple attstation


JTan: waiting for lawyers.
... you can test it now.

tony: any questions

shane: when requesting direct attestation I was getting an error.

JTan: we can discuss offline

tony: when you get permission you will create a PR

JTan: yes.


jbradley: relates to Apple platform authenticator on iOS
... not sure what to do about it.

tony: Msft is changing its behavior

akshay: I can't guarantee what we will do.

tony: will you change?

JTan: will not change right now, not sure in the futuree

agl: it could change in 14.1
... OK, nothing looking forward

tony: we should leave it.

shane: this is about FIDO spec not working\
... makes implementation of RP less consistent

agl: we highlighted, we can't change the world. we need help there

tony: we don't change spec here, and hope people don't change their implementations

agl: we don't have to back up to CTAP
... we could add a note
... but that ages quickly.

tony: do we move this to future level
... Apple won't make deadline

jbradley: do we revert the changes to web authn spec

tony: so move to next level or close

shane: we need consistency

jeffH: spec could be moree clear #1459

jbradly: look at $1459

jeffH: section 5.4.4, does not use discoverable language. should be updated


agl: update language, tweak wording elsewhere

elundberg: did update terms, but not use of terms

jeffh: we are not using new language around resident kehys
... we ought to clarify is what I am hearing from agl

agl: I am open to changing things around.

tony: so do #1459 and not #1457

afgl: nod toward #1457
... it does happen

jeffh: we should note down sides

tony: agl can yo craft a PR to cover both.

agl: I will do next week

jbradley: problem here is need to track creation of credentials


JeffH: I will clean-up

tony: jbradley, you adding some wording

jbradley: yes.

tony: some un-traiaged


agl: this is mozilla objections to PR extension.
... not worth sinking the spec ovre.

akshay: I like this extenison
... I want it in web auth, addresses web crypto

tony: so both google and msdft are in favor of keeping this

JTan: pseudo-random function. I need to review this

tony: does anyone want to take this one over?

agl: we should give him another week, but we might need some help

tony: I will move it into WD-04


agl: hope to get consensus on specifics, and put note in spec mentioning this.

tony: see this an editorial

agl: yes, but with guidancee

tony: any other issues to discuss
... are we going to leave this, close it. moves to level three and someone with look at it. https://github.com/w3c/webauthn/issues/1396

jeffH: all the editors in draft; RFC 8809 eminent

tony: when do we see completion with this in ITF

selfissue: this week
... this is IETF to be clear

<selfissued> The registries are at https://www.iana.org/assignments/webauthn/webauthn.xhtml

<selfissued> draft-hodges-webauthn-registries will be RFC 8809

tony: adjourn

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2020/08/05 19:51:53 $