
[webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly

From: Boris Zbarsky via GitHub <sysbot+gh@w3.org>
Date: Fri, 04 Nov 2016 20:58:50 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-187436812-1478293128-sysbot+gh@w3.org>
bzbarsky has just created a new issue for 
https://github.com/w3c/webauthn:

== "JSON serialization" in makeCredential probably needs to be defined
 more clearly ==
https://w3c.github.io/webauthn/#dom-webauthentication-makecredential 
step 8 says:

> compute the clientDataJSON and clientDataHash

where clientDataJSON is defined as:

> This is the UTF-8 encoded JSON serialization [RFC7159] of a ClientData dictionary.

and clientDataHash is defined as:

>  This is the hash (computed using hashAlg) of clientDataJSON.

Unfortunately, RFC 7159 doesn't define a unique serialization format.
For example, the following are all valid JSON serializations of the
same data:

    { "foo": 5 }
    {"foo":5}
    {       "foo"     :      5       }

This is normally not a problem, because when parsed with a JSON parser
they will all produce the same data structure.  But here we're
hashing the serialization, and the expectation is presumably that
the hash is stable for a given ClientData.  That means the JSON
serialization needs to be specified somewhat more strictly than just
"any valid JSON serialization of this data"...

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/274 using your GitHub account
Received on Friday, 4 November 2016 20:58:56 UTC
