Re: [webauthn] Consider requiring canonical CBOR throughout

For small chips, I would imagine that the encoding would be generated directly by code and, as such, maps would be sorted by virtue of the code blocks that emit each element being ordered.

I agree that checking different requirements of the canonical form should be a MAY for implementations as a few large implementations doing the checks is sufficient to keep the ecosystem on track.

I don't believe that these messages will be so large that an implementation will not be able to calculate the size of strings beforehand.

GitHub Notification of comment by agl
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 30 August 2017 17:55:47 UTC