agl has just submitted a new pull request for https://github.com/w3c/webauthn: == Specify that SHA-256 is used for hashing the client data. == Previously, the client could choose any "recognized algorithm name" for hashing, but RPs need to know which hash function(s) to support. Rather than choose a set of hash functions and add implementation burden for no clear reason, this change specifies that SHA-256 will be used. Should we need to revisit this, we can spin a new version of the spec: the RP can signal support for other algorithms via `PublicKeyCredentialType` and the hashAlgorithm member can be readded to the JSON to indicate when a new hash function was added. Fixes #362. See https://github.com/w3c/webauthn/pull/710Received on Wednesday, 6 December 2017 21:25:23 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:30 UTC