bzbarsky has just created a new issue for https://github.com/w3c/webauthn:

== Setting _rpId_ to _callerOrigin_ doesn't make sense ==

_rpId_ is set to a string by the "rpId is specified" branch. But an origin is a tuple (since we already returned an error for opaque origins). I really doubt the following parts of the algorithm can handle a non-string _rpId_, and in fact the very next bit that says "the SHA-256 hash of _rpId_" already doesn't handle it.

Presumably this is meant to assign a serialization of the origin to _rpId_. The spec needs to be clear whether this means assigning https://www.w3.org/TR/html51/browsers.html#unicode-serialization or https://www.w3.org/TR/html51/browsers.html#ascii-serialization-of-an-origin

Once you decide that, you need to specify what it means to take an SHA-256 hash of _rpId_. The serialization of an origin (either one, really, but this is especially bad for the not-guaranteed-ASCII one) is a Unicode string, whereas SHA-256 works on a byte buffer. There is no canonical encoding of Unicode into bytes, so the exact encoding used here needs to be specified.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/255 using your GitHub account

Received on Friday, 4 November 2016 18:06:15 UTC