[webauthn] Pull Request: Specify that SHA-256 is used for hashing the client data. from Adam Langley via GitHub on 2017-12-06 (public-webauthn@w3.org from December 2017)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Dec 2017 21:25:18 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-156843561-1512595517-sysbot+gh@w3.org>

agl has just submitted a new pull request for https://github.com/w3c/webauthn:

== Specify that SHA-256 is used for hashing the client data. ==
Previously, the client could choose any "recognized algorithm name" for
hashing, but RPs need to know which hash function(s) to support.

Rather than choose a set of hash functions and add implementation burden
for no clear reason, this change specifies that SHA-256 will be used.

Should we need to revisit this, we can spin a new version of the spec:
the RP can signal support for other algorithms via
`PublicKeyCredentialType` and the hashAlgorithm member can be readded to
the JSON to indicate when a new hash function was added.

Fixes #362.

See https://github.com/w3c/webauthn/pull/710

Received on Wednesday, 6 December 2017 21:25:23 UTC