Re: [webauthn] Consider requiring canonical CBOR throughout

All of this is, for me, about generating messages in-place. I do not want to have to generate the extension data in a buffer and later copy it to the authenticator data buffer and then copy that into the reply buffer. Resources are not abundant in an embedded implementation.

Going through all the extension and buffer generation logic to calculate the size to then go back and do it all again when generating this data just to avoid a possible single extra 0 byte in the length just seems too expensive. 

That map fields will always be in the same order for a single implementation is very likely, yes. However, that does not mean an alphabetical order is obvious.

Indefinite length strings are a convenient way to reserve space in the reply when you do not yet know the length of that field. A good example is the signature field which is somewhere between 70-73 bytes, depending on the signature value.

Why do you think this canonical CBOR from authenticator to platform is so important?


-- 
GitHub Notification of comment by jovasco
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/455#issuecomment-326252825 using your GitHub account

Received on Thursday, 31 August 2017 10:14:05 UTC
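
The trade-off discussed in this comment, as an added C example that is not part of the original comment or of any WebAuthn/CTAP implementation: a byte string written in place behind a reserved fixed-width length, the canonical shortest-form encoding that needs the length up front, and the head check a receiver enforcing canonical CBOR would apply. All function names are hypothetical, and the payload is constructed filler rather than a real signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers, not from any WebAuthn/CTAP code base; payloads < 65536 bytes. */
/* Reserve a fixed 3-byte head so the payload can be produced directly at out + 3. */
uint8_t *bstr_begin_fixed16(uint8_t *out) {
    out[0] = 0x59;                 /* major type 2, 16-bit length follows */
    return out + 3;
}
/* Backpatch the length once it is known; returns the total encoded size. */
size_t bstr_end_fixed16(uint8_t *out, size_t n) {
    out[1] = (uint8_t)(n >> 8);    /* 0x00 for n < 256: not the shortest form */
    out[2] = (uint8_t)n;
    return 3 + n;
}

/* Canonical form: shortest head, so n must be known before the head is written. */
size_t bstr_canonical(uint8_t *out, const uint8_t *p, size_t n) {
    size_t h = 0;
    if (n < 24)       { out[h++] = (uint8_t)(0x40 | n); }
    else if (n < 256) { out[h++] = 0x58; out[h++] = (uint8_t)n; }
    else              { out[h++] = 0x59; out[h++] = (uint8_t)(n >> 8); out[h++] = (uint8_t)n; }
    memmove(out + h, p, n);
    return h + n;
}

/* Receiver side: 1 if buf starts with a byte string whose head is canonical. */
int bstr_head_is_canonical(const uint8_t *buf, size_t len) {
    if (len < 1 || (buf[0] >> 5) != 2) return 0;
    uint8_t ai = buf[0] & 0x1f;    /* additional information */
    if (ai < 24)  return 1;
    if (ai == 24) return len >= 2 && buf[1] >= 24;
    if (ai == 25) return len >= 3 && buf[1] != 0;
    if (ai == 26) return len >= 5 && (buf[1] | buf[2]) != 0;
    if (ai == 27) return len >= 9 && (buf[1] | buf[2] | buf[3] | buf[4]) != 0;
    return 0;                      /* 28..30 reserved, 31 = indefinite length (0x5f) */
}

/* Constructed n-byte payload (n <= 512) encoded in place; returns the receiver's verdict. */
int fixed16_is_accepted(size_t n) {
    uint8_t buf[3 + 512];
    memset(bstr_begin_fixed16(buf), 0xAB, n);
    return bstr_head_is_canonical(buf, bstr_end_fixed16(buf, n));
}
/* Encoded size of the same constructed payload with the canonical head. */
size_t canonical_size(size_t n) {
    uint8_t p[512] = {0}, out[3 + 512];
    return bstr_canonical(out, p, n);
}
```

For a 72-byte payload the reserved-head form is 75 bytes against 74 for the canonical form, and a receiver that enforces shortest-form heads rejects it along with any string that opens with the indefinite-length marker `0x5f`.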