Extensible data structure for Authenticator Data #1220
Comments
Do you mean to say that during the discussions of the resident key feature (PR #1191), we did consider assigning one of the "Reserved for Future Use (RFU)" flags, and in that discussion we were unsure how to go about about assigning one of the RFU flags for that purpose?
I am unsure what you mean here -- perhaps you could provide a worked-out example? |
Yes. I think we don't have any feasible way to consume the RFU bits.
In current WebAuthn spec, we don't have any version information. So, from the RP perspective, new flags in Authenticator Data cannot be distinguishable from the old one. For doing this, we should have some distinguishable information like version. E.g., authenticator can return the version information within the authenticator extension that it supports. |
|
I am thinking that addressing (or not) how we allocate Reserved for Future Use (RFU) |
We have Authenticator Data structure and it includes list of bit flags (1 byte).
We are leaving extra RFUs (4 bits) for future uses and assigning such bits should be considered carefully since we have no enough room.
If we decide to consume one bit for a certain purpose, we should have some ways to indicate that the bit is consumed so that any concerning components (RPs) looks at it and handles it properly.
Before too late, it is better for us to define the way to assign the flags.
One simple way is that we assign the version number for the data structure within the extension if the authenticator supports it.
We have been suffering same problem when handling the resident key feature (#1191).
The text was updated successfully, but these errors were encountered: