Emil Lundberg

icon indicating a website link https://emlun.se icon indicating an email [email protected]

icon company @Yubico icon location Stockholm, Sweden icon location Engineer, physicist, tinkerer.

Results 363 comments of Emil Lundberg

Make `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` optional

As noted in https://github.com/w3c/webauthn/pull/2107#issuecomment-2254153595 we can't make `AuthenticatorAttestationResponse.publicKeyAlgorithm` optional because that would be a backwards incompatibility pitfall. Since `AuthenticatorAttestationResponseJSON.publicKeyAlgorithm` is meant to reflect the non-JSON field, and `AuthenticatorAttestationResponseJSON` is constructed...

CredentialCreationOptions/mediation not yet defined in CredMan

Indeed the warning no longer occurs in my Bikeshed build (one might need to `bikeshed update` if the issue still occurs). Thanks!

Update Credential Record to suggest storing RP ID as well for better Related Origins support

I think I get the idea, but on further thought this might be a bit of a trap. The idea is that an RP might use two (or more) different...

Return more nuanced errors

Without judgement of the proposed errors, some spec formalia: currently, most WebAuthn errors are instances of [`DOMException`](https://webidl.spec.whatwg.org/#idl-DOMException) with different [names](https://webidl.spec.whatwg.org/#dfn-error-names-table). The `DOMException` names table section of the WebIDL spec states...

Accumulated difference betwen 1.12.2 and latest version

Hi! Does the [`NEWS` file](https://github.com/Yubico/java-webauthn-server/blob/main/NEWS) suffice for this?

Accumulated difference betwen 1.12.2 and latest version

You can find out by searching for "fix" in the NEWS file. But no, there are no pressing security fixes in this range. 2.7.0 does include a security fix, but...

:java.lang.ArrayIndexOutOfBoundsException when calling com.yubico.webauthn.RelyingParty.finishRegistration

Sorry for not responding to this. The `cose-java` dependency was eliminated in [version 2.5.1](https://github.com/Yubico/java-webauthn-server/releases/tag/2.5.1); is this issue still relevant in this and later versions? --- The cause of the `ArrayIndexOutOfBoundsException`...

TPM attestation verification steps inconsistent with FIDO conformance testing tool

Hm. I'm certainly not an expert on the TPM specs, but my interpretation of the current state of the WebAuthn spec is: - The issuer constructs the `pubArea` object first,...

Backup preference for providers who support both backed-up and non-backed up credential

I don't see a problem with having this in `hints`. Nothing in their definition reserves them for only authenticator properties, it just happens that only authenticator properties are defined at...

Disallow empty strings

>maybe we keep the existing preamble, but change the "SHOULD set to an empty string" guidance to something like "MUST omit the value" instead 🤔 That won't work with the...