
Re: [webauthn] "JSON serialization" in makeCredential probably needs to be defined more clearly

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Tue, 08 Nov 2016 01:02:36 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-259013878-1478566953-sysbot+gh@w3.org>

> the expectation is presumably that the hash is stable for a given ClientData

This is not true. There is no such expectation.

Both makeCredential and getAssertion return the actual serialized 
string clientDataJSON as an ArrayBuffer along with their respective 
signatures. This should be enough for the RP to check the signature 
and to verify the contents of the clientData by parsing the 
stringified JSON. This was done specifically to avoid canonicalization
issues like this one.

-- 
GitHub Notification of comment by vijaybh
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/274#issuecomment-259013878 
using your GitHub account
Received on Tuesday, 8 November 2016 01:02:42 UTC
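
The RP-side handling this message describes, as an added example that is not part of the original message or of any WebAuthn implementation: hash the returned clientDataJSON bytes as received for the signature check, and parse them only to inspect fields. SHA-256, the `challenge` and `origin` field names, the function names and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample: one clientData object as two clients might serialize it.
CLIENT_A = b'{"challenge":"c2FtcGxlLWNoYWxsZW5nZQ","origin":"https://rp.example"}'
CLIENT_B = b'{ "origin": "https://rp.example", "challenge": "c2FtcGxlLWNoYWxsZW5nZQ" }'


def client_data_hash(client_data_json: bytes) -> bytes:
    """Hash the bytes exactly as returned by the client (SHA-256 assumed).

    This digest is what goes into signature verification."""
    return hashlib.sha256(client_data_json).digest()


def reserialized_hash(client_data_json: bytes) -> bytes:
    """Anti-pattern, for contrast: hash the RP's own re-serialization."""
    return hashlib.sha256(json.dumps(json.loads(client_data_json)).encode()).digest()


def check_client_data(client_data_json: bytes, challenge: str, origin: str) -> dict:
    """Parse the received bytes only to inspect fields; ValueError on mismatch."""
    try:
        data = json.loads(client_data_json.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("clientDataJSON is not valid UTF-8 JSON") from exc
    if not isinstance(data, dict):
        raise ValueError("clientDataJSON is not a JSON object")
    got = data.get("challenge")
    if not isinstance(got, str) or not hmac.compare_digest(got.encode(), challenge.encode()):
        raise ValueError("challenge mismatch")
    if data.get("origin") != origin:
        raise ValueError("origin mismatch")
    return data


if __name__ == "__main__":
    for raw in (CLIENT_A, CLIENT_B):
        check_client_data(raw, "c2FtcGxlLWNoYWxsZW5nZQ", "https://rp.example")
        # Second column is False: a re-serialized hash never matches the signed one here.
        print(client_data_hash(raw).hex(), reserialized_hash(raw) == client_data_hash(raw))
```

Both serializations pass the field checks and parse to the same object, yet their hashes differ, which is why the RP verifies the signature against the received bytes rather than a canonical form.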
