Requesting your approval to include rpId in MAC and private key derivations?

dicekeys / seeding-webauthn

A spec for deriving FIDO key pairs from a seed

9 stars 0 forks source link

Requesting your approval to include rpId in MAC and private key derivations? #2

Closed UppaJung closed 4 years ago

UppaJung commented 4 years ago

@nickray:

This issue exists to make sure you are aware of the rpId field in to the calculation of credentialMac and es256SPrivateKey.

You had previously documented that you didn't use rpId in those situations since it is not available within the credentialId, but it will still be available when we need it since it is a parameter toto authenticatorGetAssertion)

nickray commented 4 years ago

Ah yes, correct. We should treat it like "associated data" in the MAC tag.

UppaJung commented 4 years ago

OK. Close if you consider resolved.