Re: [webauthn] Update name, displayname and icon for RP and user (#1200) from Emil Lundberg via GitHub on 2019-04-17 (public-webauthn@w3.org from April 2019)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 17 Apr 2019 13:59:38 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-484102011-1555509577-sysbot+gh@w3.org>

> fetching URL from the remote source (https) happens at the time of registration once and then such fetched icon is stored in the authenticator

That behaviour is not mandated by the spec, in fact neither WebAuthn nor CTAP says anything about what the authenticator is supposed to do with `rp.icon` other than somehow "store" it. It's equally permissible for the authenticator to simply store the `https:` URL without resolving it.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1200#issuecomment-484102011 using your GitHub account

Received on Wednesday, 17 April 2019 13:59:40 UTC