Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expand upon the definition of "unsigned extension outputs" #2012

Merged
merged 2 commits into from
Jan 24, 2024
Merged

Expand upon the definition of "unsigned extension outputs" #2012

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
46a3d5e
Expand upon the definition of "unsigned extension outputs"
Jan 9, 2024
8f8c7ea
Apply suggestion.
agl Jan 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6571,7 +6571,9 @@ and the corresponding value is the <dfn>authenticator extension output</dfn> for

<dfn>Unsigned extension outputs</dfn> are represented independently from [=authenticator data=] and returned by authenticators
as a separate map, keyed with the same [=extension identifier=]. This map only contains entries for authenticator
extensions that make use of unsigned outputs.
extensions that make use of unsigned outputs. Unsigned outputs are useful when extensions output a signature over
the [=authenticator data=] (because otherwise a signature would have to sign over itself, which isn't possible) or when
some extension outputs should not be sent to the [=[RP]=].

Note: In [[!FIDO-CTAP]] [=unsigned extension outputs=] are returned as a CBOR map in a top-level field named
`unsignedExtensionOutputs` from both [=authenticatorMakeCredential=] and [=authenticatorGetAssertion=].
Expand Down