One of the things that jumped out to me in Denis Pinkas' webauthn review was his noting that we have two very similar terms in "public key credential" and "credential public key" and that there lurks potential confusion for readers other than us'ns.
In both UAF and U2F, this is referred to as the "user public key".
I suggest we change "credential public key" to "user public key" sooner rather than later.
AFAICT this will not alter the API surface at all (because the user public key is not directly defined in the WebIDL) and is only an editorial change. Also, we will have to update the attestation object figure 3.
What does "user public key" mean? Which one of the two terms ("public key credential" and "credential public key") does "user public key" refer to? I agree this would be a small change and would not alter the surface. But I really don't understand what the term is and how the term helps understanding.
@AngeloKai "user public key" refers to "credential public key".
Although it pretty clear to me, if it creates confusion, I would go for similarity between UAF/U2F.
I do not any longer feel we ought to change the "credential public key" term to be "user's public key" -- however I think we ought to clarify editorially that "credential public key" is the same as "user's public key"
Most helpful comment
@AngeloKai "user public key" refers to "credential public key".
Although it pretty clear to me, if it creates confusion, I would go for similarity between UAF/U2F.