- From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
- Date: Tue, 08 Nov 2016 01:02:36 +0000
- To: public-webauthn@w3.org
> the expectation is presumably that the hash is stable for a given ClientData This is not true. There is no such expectation. Both makeCredential and getAssertion return the actual serialized string clientDataJSON as an ArrayBuffer along with their respective signatures. This should be enough for the RP to check the signature and to verify the contents of the clientData by parsing the stringified JSON. This was done specifically to avoid canonicalization issues like this one. -- GitHub Notification of comment by vijaybh Please view or discuss this issue at https://github.com/w3c/webauthn/issues/274#issuecomment-259013878 using your GitHub account
Received on Tuesday, 8 November 2016 01:02:42 UTC