- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Mon, 12 Mar 2018 13:29:35 +0000
- To: public-webauthn@w3.org
There is some mention of required randomness in [ยง13.1. Cryptographic Challenges][sec-cons], but I agree a recommended minimum length would be good. Should we perhaps also specify that the browser MAY, SHOULD or MUST refuse a request if the challenge is shorter than the specified minimum? Thoughts on that? [sec-cons]: https://w3c.github.io/webauthn/#cryptographic-challenges -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/85#issuecomment-372309459 using your GitHub account
Received on Monday, 12 March 2018 13:29:38 UTC