Re: [webauthn] Add note about use of floating point in extensions passed through that clients do not recognize (#1307)

My concern was that if different clients use different integer thresholds for passing through unrecognized extensions (and neither WebAuthn nor RFC 7049 specifies a default threshold), then that will hinder bit-for-bit comparison or hashing of CTAP2 messages with the same content. This concern is not relevant if the only purpose of canonicalizing CTAP2 messages (both in WebAuthn and elsewhere) is, as the CTAP2 protocol states, "[t]o reduce the complexity of the messages and the resources required to parse and validate them", and not also to enable bit-for-bit comparison or hashing of CTAP2 messages with semantically equal content.

-- 
GitHub Notification of comment by peteroupc
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1307#issuecomment-534561062 using your GitHub account

Received on Tuesday, 24 September 2019 13:35:46 UTC
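
The concern raised in the comment above, as an added example that is not part of the original message or of any WebAuthn client: a minimal CBOR number encoder whose integer cutoff differs between two clients, so the same JavaScript value serializes to different bytes. The function names, the `intThreshold` parameter and the sample thresholds are assumptions made for illustration.

```javascript
// Added illustration. encodeNumber and intThreshold are hypothetical names,
// not taken from WebAuthn, CTAP2 or any client implementation.

// Big-endian bytes of a non-negative BigInt, fixed length.
function bigEndian(n, len) {
  const out = [];
  for (let i = len - 1; i >= 0; i--) out.push(Number((n >> BigInt(8 * i)) & 0xffn));
  return out;
}

// CBOR head for major type 0 (unsigned) or 1 (negative), shortest form.
function encodeIntHead(major, n) {
  const mt = major << 5;
  if (n < 24n) return [mt | Number(n)];
  if (n < 0x100n) return [mt | 24, Number(n)];
  if (n < 0x10000n) return [mt | 25, ...bigEndian(n, 2)];
  if (n < 0x100000000n) return [mt | 26, ...bigEndian(n, 4)];
  return [mt | 27, ...bigEndian(n, 8)];
}

// CBOR double-precision float: 0xfb followed by 8 big-endian bytes.
function encodeFloat64(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x); // DataView writes big-endian by default
  const out = [0xfb];
  for (let i = 0; i < 8; i++) out.push(view.getUint8(i));
  return out;
}

// Assumed client policy: integral values within +/- intThreshold become
// CBOR integers, everything else is passed through as a float64.
function encodeNumber(value, intThreshold) {
  if (Number.isInteger(value) && Math.abs(value) <= intThreshold) {
    const n = BigInt(value);
    return n >= 0n ? encodeIntHead(0, n) : encodeIntHead(1, -1n - n);
  }
  return encodeFloat64(value);
}

const toHex = (bytes) => bytes.map((b) => b.toString(16).padStart(2, "0")).join("");

// Encode one value under two clients' thresholds and compare the bytes.
function compareClients(value, thresholdA, thresholdB) {
  const a = toHex(encodeNumber(value, thresholdA));
  const b = toHex(encodeNumber(value, thresholdB));
  return { a, b, identical: a === b };
}

// Constructed sample: client A cuts off at 2^31-1, client B at 2^53-1.
console.log(compareClients(4294967296, 2 ** 31 - 1, Number.MAX_SAFE_INTEGER));
console.log(compareClients(1000, 2 ** 31 - 1, Number.MAX_SAFE_INTEGER));
```

Values below both thresholds encode identically; only values that fall between the two cutoffs diverge, which is why a byte-level comparison or hash of the two messages would disagree only for some inputs.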