W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2017

[webauthn] Pull Request: Specify that SHA-256 is used for hashing the client data.

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Dec 2017 21:25:18 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-156843561-1512595517-sysbot+gh@w3.org>
agl has just submitted a new pull request for https://github.com/w3c/webauthn:

== Specify that SHA-256 is used for hashing the client data. ==
Previously, the client could choose any "recognized algorithm name" for
hashing, but RPs need to know which hash function(s) to support.

Rather than choose a set of hash functions and add implementation burden
for no clear reason, this change specifies that SHA-256 will be used.

Should we need to revisit this, we can spin a new version of the spec:
the RP can signal support for other algorithms via
`PublicKeyCredentialType` and the hashAlgorithm member can be readded to
the JSON to indicate when a new hash function was added.

Fixes #362.

See https://github.com/w3c/webauthn/pull/710
Received on Wednesday, 6 December 2017 21:25:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:45 UTC