Does not retrieve and interpret appId if it is json list

Question

Does not retrieve and interpret appId if it is json list

Closed this issue 4 years ago · 3 comments

AFAIK this functionality is part of the U2F spec, and this client does not implement it. So it is not providing the same guarantees as the spec...

Answer 1 · 2017-04-19T09:09:35.000Z

I'm not sure it should be in the library to fetch the list and validate it. We should probably have a function to validate appid with the list though, where you'd pass in the json fetched (or NULL) and either match origin with appid or walk through the json list and validate.

Answer 2 · 2017-04-22T03:20:52.000Z

I guess I agree (mainly because I can foresee people wanting to customize the fetch with e.g. cert pinning), but it would be nice if the extra steps a user of the library needs to take are noted somewhere.

Answer 3 · 2020-10-14T12:26:15.000Z

We are archiving this project and closing issues. Please open a new one in the replacement library's repo: https://github.com/Yubico/libfido2 if it is still applicable.