Closed Bug 1381126 Opened 7 years ago Closed 7 years ago

WebAuthn: Strictly require domain strings as RP IDs

Categories

(Core :: DOM: Device Interfaces, enhancement, P1)

RESOLVED FIXED
mozilla57
Tracking Status
firefox57 --- fixed

People

(Reporter: jcj, Assigned: jcj)

References

(Blocks 1 open bug)

Details

(Whiteboard: [webauthn] [webauthn-interop])

Attachments

(1 file)

Bug 1380421 permits WebAuthn to use RP IDs which are Origins, while the WD-06 and later drafts of the spec require RP IDs to be Domain Strings. Once we're past the WD-05 interop period, we should be strict that all RP IDs be Domain Strings.
Blocks: 1384776
It's been agreed that all interop participants will actually use only Domain Strings, not Origins, so we need to do this bug before the interop day after all.
Assignee: nobody → jjones
Status: NEW → ASSIGNED
Priority: P3 → P1
QA Contact: mwobensmith
Whiteboard: [webauthn] [webauthn-interop]
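The distinction this bug enforces, sketched as an added example (not Firefox's code and not part of the attached patch): a strict check that an RP ID is a bare domain string rather than an origin. It goes one step beyond the bug text by also applying the WebAuthn rule that the RP ID must equal the caller's host or be a parent domain of it. The function names and the tiny public-suffix set are assumptions made for illustration.

```javascript
// Added illustration; names are hypothetical and this is not Firefox's code.

// Constructed stand-in for the Public Suffix List (real checks consult the full list).
const SAMPLE_PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// A domain string is a bare host name. Anything carrying a scheme, port,
// path, userinfo or trailing dot (anything origin- or URL-shaped) fails.
function isDomainString(value) {
  if (typeof value !== "string" || value.length === 0 || value.length > 253) {
    return false;
  }
  const labels = value.toLowerCase().split(".");
  // Reject IP-address-like input: the last label must not be all digits.
  if (/^[0-9]+$/.test(labels[labels.length - 1])) {
    return false;
  }
  return labels.every((label) => LABEL.test(label));
}

// Returns "ok" or the reason the RP ID is refused for this caller origin.
function checkRpId(rpId, callerOrigin, publicSuffixes = SAMPLE_PUBLIC_SUFFIXES) {
  if (!isDomainString(rpId)) {
    return "not-a-domain-string";
  }
  const id = rpId.toLowerCase();
  if (publicSuffixes.has(id)) {
    return "public-suffix";
  }
  const host = new URL(callerOrigin).hostname.toLowerCase();
  // Equal to the caller's host, or a parent domain on a label boundary.
  if (host === id || host.endsWith("." + id)) {
    return "ok";
  }
  return "domain-mismatch";
}
```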
Comment on attachment 8906665 [details] Bug 1381126: Resume requiring WebAuthn RP ID to be a Domain String https://reviewboard.mozilla.org/r/178378/#review183442 LGTM. ::: dom/webauthn/tests/test_webauthn_loopback.html:73 (Diff revision 1) > > return webAuthnDecodeCBORAttestation(aCredInfo.response.attestationObject.buffer) > .then(function(decodedResult) { > + // Make sure the RP ID hash matches what we calculate. > + return crypto.subtle.digest("SHA-256", string2buffer(document.domain)) > + .then(function(calculatedHash){ nit: space before '{' ::: dom/webauthn/tests/test_webauthn_loopback.html:74 (Diff revision 1) > return webAuthnDecodeCBORAttestation(aCredInfo.response.attestationObject.buffer) > .then(function(decodedResult) { > + // Make sure the RP ID hash matches what we calculate. > + return crypto.subtle.digest("SHA-256", string2buffer(document.domain)) > + .then(function(calculatedHash){ > + is(bytesToBase64(new Uint8Array(calculatedHash)), bytesToBase64(decodedResult.rpIdHash), "Calculated RP ID hash must match what the browser derived."); nit: break up long line
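Review bot: the added comment and assertion message around `crypto.subtle.digest("SHA-256", string2buffer(document.domain))` do not say that the hashed input is the domain string rather than the origin, which is the behaviour this patch restores. Stating that in the message (for example "RP ID hash must be SHA-256 of the domain string, not the origin") would make a regression to origin-based RP IDs readable from the test failure alone. The expected value is also read from `document.domain`, which is page state; if the test page is always served from a fixed host, comparing against that literal would keep the expectation independent of anything the page does.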
Attachment #8906665 - Flags: review?(dkeeler) → review+
Comment on attachment 8906665 [details] Bug 1381126: Resume requiring WebAuthn RP ID to be a Domain String https://reviewboard.mozilla.org/r/178378/#review183442 Thanks for the review!
Keywords: checkin-needed
Version: 55 Branch → Trunk
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/9584975d84e0 Resume requiring WebAuthn RP ID to be a Domain String r=keeler
Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57