IETF Logo Mail Archive

Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry

Ian Jacobs <ij@w3.org> Tue, 15 August 2023 17:08 UTC

Return-Path: <ij@w3.org>
X-Original-To: webauthn-reg-review@ietfa.amsl.com
Delivered-To: webauthn-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72F73C151080 for <webauthn-reg-review@ietfa.amsl.com>; Tue, 15 Aug 2023 10:08:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5N0kqiNKdoou for <webauthn-reg-review@ietfa.amsl.com>; Tue, 15 Aug 2023 10:08:00 -0700 (PDT)
Received: from tucana.w3.org (tucana.w3.org [128.30.52.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B95A8C151069 for <webauthn-reg-review@ietf.org>; Tue, 15 Aug 2023 10:08:00 -0700 (PDT)
Received: from 107-195-167-16.lightspeed.cicril.sbcglobal.net ([107.195.167.16] helo=smtpclient.apple) by tucana.w3.org with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ij@w3.org>) id 1qVxWP-006rC7-6U; Tue, 15 Aug 2023 17:07:57 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: Ian Jacobs <ij@w3.org>
In-Reply-To: <91F71F16-E748-4F07-99DC-68B6CA946627@w3.org>
Date: Tue, 15 Aug 2023 12:07:56 -0500
Cc: "webauthn-reg-review@ietf.org" <webauthn-reg-review@ietf.org>, Stephen McGruer <smcgruer@google.com>, Philippe Le Hégaret <plh@w3.org>
X-Mao-Original-Outgoing-Id: 713812066.418174-e33ff736e0decd908028f3b04001e9a7
Content-Transfer-Encoding: quoted-printable
Message-Id: <02B1ECC6-7EF9-4467-8280-23067E53C826@w3.org>
References: <3C072A37-E257-4915-808F-1313634FF9E7@w3.org> <SJ0PR02MB83532B5F557C73B00F62FC3F81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <8B3FB6B1-A6C1-4AD3-B5E5-89C088185AEC@w3.org> <SJ0PR02MB83534413068CE1C9B4E976EC81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <B3E2CD8D-9714-40C3-B3EA-1309A85BDB59@w3.org> <SJ0PR02MB8353DF6FFE1584C2B560D32A81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <91F93224-BD6D-4566-AF4B-4D40D57436A8@w3.org> <SJ0PR02MB835344D3D5688BC50D4A822B81409@SJ0PR02MB8353.namprd02.prod.outlook.com> <B34A0B9D-FF17-4B7C-A017-C4ECA857EF88@w3.org> <38F5B4F5-BD99-44FA-A646-03AEEA012C8D@w3.org> <2442E340-BE6E-44DA-A123-2107A20DC9EA@w3.org> <SJ0PR02MB8353B04770B85C82BA4519328101A@SJ0PR02MB8353.namprd02.prod.outlook.com> <91F71F16-E748-4F07-99DC-68B6CA946627@w3.org>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>, "michael_b_jones@hotmail.com" <michael_b_jones@hotmail.com>
X-Mailer: Apple Mail (2.3731.700.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/webauthn-reg-review/ZlNRO9pPowCt3eKGm4wERWEgQv0>
Subject: Re: [Webauthn-reg-review] Request to add payment extension to WebAuthn Registry
X-BeenThere: webauthn-reg-review@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Registration requests should be sent to the mailing list described in \[draft-hodges-webauthn-registries, Section 17\]." <webauthn-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webauthn-reg-review/>
List-Post: <mailto:webauthn-reg-review@ietf.org>
List-Help: <mailto:webauthn-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webauthn-reg-review>, <mailto:webauthn-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2023 17:08:04 -0000

Hi Giridhar,

I wanted to let you know that we’ve merged the pull request, so the statement you referred to below no longer appears.

If there’s any other information you need to complete your evaluation, let me know. Thanks again!

Ian

> On Jul 31, 2023, at 8:59 AM, Ian Jacobs <ij@w3.org> wrote:
> 
> Thanks Giridhar,
> 
> I’ve proposed a pull request to remove the note:
> https://github.com/w3c/secure-payment-confirmation/pull/255
> 
> Ian
> 
>> On Jul 27, 2023, at 1:32 AM, Giridhar Mandyam <mandyam@qti.qualcomm.com> wrote:
>> 
>> Hi Ian,
>> 
>> Mike needs to sign off,  but I have reviewed this an am satisfied that the extension can be registered.
>> 
>> Please consider removing the following in any future revision:
>> 
>> "Note: Reading [webauthn-3] literally, these steps don’t work; extensions are injected at step 12 of [[Create]] and cannot really modify anything. However other extensions ignore that entirely and assume they can modify any part of any WebAuthn algorithm!"
>> 
>> I don't think the above statement is an accurate reading of the WebAuthn spec, as the steps outlined in the Webauthn spec do not have to be executed in sequence.  This is because the cited section in Webauthn is for an internal method, which as per the ECMA description is left up to the implementation (https://tc39.es/ecma262/#sec-object-internal-methods-and-internal-slots).
>> 
>> Mike,
>> Please provide your feedback.
>> 
>> -Giri

--
Ian Jacobs <ij@w3.org>
https://www.w3.org/People/Jacobs/
Tel: +1 917 450 8783

v2.23.0 | Report a Bug | By Email