Re: [webauthn] Specify what happens when the Client receives invalid CBOR from Angelo Liao via GitHub on 2017-09-06 (public-webauthn@w3.org from September 2017)

From: Angelo Liao via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Sep 2017 18:33:16 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-327574351-1504722786-sysbot+gh@w3.org>

After talking to @akshayku, I learned that the CTAP layer already has a way to handle malformed CBOR by erroring out. It's not necessary to do the same action on the web layer. CBOR will be validated when it is parsed and used. Outer layers should simply pass the CBOR bytes to the components that will consume. Outer layers shouldn’t know the details of the inner CBOR that might change over time.

Closing the issue. 

-- 
GitHub Notification of comment by AngeloKai
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/469#issuecomment-327574351 using your GitHub account

Received on Wednesday, 6 September 2017 18:33:18 UTC