Re: [webauthn] Add considerations for string truncation. (#1205)

> > I believe the RP information is only ever displayed by the authenticator itself, so if it wishes to alter the data (such as truncating it) then it is responsible for doing so appropriately.
> 
> Authenticators do not have to have displays. If they do not then an account selection dialog is shown by the user-agent if there is more than one credential to choose between. That dialog will contain the RP information as provided (and truncated) by the authenticator.

This is not my understanding with CTAP based on the January publication - I don't believe there is a case where a PublicKeyCredentialRpEntity is returned to the client.

In any case, an authenticator value that truncates the text to the min-max cannot be further truncated by the client to account for incomplete codepoints/graphemes, since that would put it below the WebAuthn min-max. Such effort would also, I believe, currently require a second makeCredential with up/uv.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1205#issuecomment-492517935 using your GitHub account

Received on Wednesday, 15 May 2019 06:11:04 UTC
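
The byte arithmetic behind the point about incomplete code points, as an added example that is not part of the original message. It assumes a 64-byte limit (the message only says "min-max"), a constructed name, and hypothetical function names; it handles code points only, not graphemes.

```python
LIMIT = 64  # assumed byte limit; the message itself only says "min-max"


def authenticator_truncate(name: str, limit: int = LIMIT) -> bytes:
    """Cut the UTF-8 encoding at a byte count, ignoring code point boundaries."""
    return name.encode("utf-8")[:limit]


def client_trim_incomplete(raw: bytes) -> bytes:
    """Drop a trailing incomplete UTF-8 sequence so the value decodes cleanly."""
    try:
        raw.decode("utf-8")
        return raw
    except UnicodeDecodeError as err:
        # Only repair a sequence that was cut off at the very end of the
        # value; any other decoding error is real corruption and is re-raised.
        if err.end == len(raw) and err.reason == "unexpected end of data":
            return raw[:err.start]
        raise


# Constructed sample: 62 ASCII bytes followed by one 3-byte character,
# 65 bytes in total, so a 64-byte cut lands inside the last character.
SAMPLE_NAME = "a" * 62 + "\u4e2d"


def demo():
    """Return (stored length, repaired length, repaired text) for the sample."""
    stored = authenticator_truncate(SAMPLE_NAME)
    repaired = client_trim_incomplete(stored)
    return len(stored), len(repaired), repaired.decode("utf-8")


if __name__ == "__main__":
    stored_len, repaired_len, text = demo()
    print(f"stored by authenticator: {stored_len} bytes (ends mid-character)")
    print(f"after client-side trim:  {repaired_len} bytes, below the {LIMIT}-byte limit")
    print(f"displayable text:        {text!r}")
```
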