- From: Martin Thomson <notifications@github.com>
- Date: Mon, 21 Aug 2017 06:16:50 +0000 (UTC)
- To: w3c/push-api <push-api@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 21 August 2017 06:17:13 UTC
A lot of code on the web is moving to base64url and the forgiving algorithm rejects '-' and '_', which would be needed. The algorithm there is too forgiving for use in security-sensitive code. Our implementation of base64url is (I believe) constant-time with respect to the length of a valid input. Also, `atob` isn't the API I'd most aspire to be like. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/280#issuecomment-323655531
Received on Monday, 21 August 2017 06:17:13 UTC