bzbarsky has just created a new issue for https://github.com/w3c/webauthn: == "JSON serialization" in makeCredential probably needs to be defined more clearly == https://w3c.github.io/webauthn/#dom-webauthentication-makecredential step 8 says: > compute the clientDataJSON and clientDataHash where clientDataJSON is defined as: > This is the UTF-8 encoded JSON serialization [RFC7159] of a ClientData dictionary. and clientDataHash is defined as: > This is the hash (computed using hashAlg) of clientDataJSON. Unfortunately, RFC 7159 doesn't define a unique serialization format. For example, the following are all valid JSON serializations of the same data: { "foo": 5 } {"foo":5} { "foo" : 5 } This is normally not a problem, because when parsed with a JSON parser they will all produce the same data structure. But here we're hashing the serialization here, and the expectation is presumably that the hash is stable for a given ClientData. That means the JSON serialization needs to be specified somewhat more strictly than just "any valid JSON serialization of this data"... Please view or discuss this issue at https://github.com/w3c/webauthn/issues/274 using your GitHub accountReceived on Friday, 4 November 2016 20:58:56 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC