W3C home > Mailing lists > Public > public-webauthn@w3.org > December 2017

[webauthn] Merged Pull Request: Specify that SHA-256 is used for hashing the client data.

From: Mike Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Dec 2017 18:36:01 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.closed-156843561-1513190160-sysbot+gh@w3.org>
selfissued has just merged agl's pull request 710 for https://github.com/w3c/webauthn:

== Specify that SHA-256 is used for hashing the client data. ==
Previously, the client could choose any "recognized algorithm name" for
hashing, but RPs need to know which hash function(s) to support.

Rather than choose a set of hash functions and add implementation burden
for no clear reason, this change specifies that SHA-256 will be used.

Should we need to revisit this, we can spin a new version of the spec:
the RP can signal support for other algorithms via
`PublicKeyCredentialType` and the hashAlgorithm member can be readded to
the JSON to indicate when a new hash function was added.

Fixes #362.


<!--
    This comment and the below content is programatically generated.
    You may add a comma-separated list of anchors you'd like a
    direct link to below (e.g. #idl-serializers, #idl-sequence):

    Don't remove this comment or modify anything below this line.
    If you don't want a preview generated for this pull request,
    just replace the whole of this comment's content by "no preview"
    and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/agl/webauthn/pull/710.html" title="Last updated on Dec 8, 2017, 4:28 AM GMT (eeac8d1)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/710/12f2d09...agl:eeac8d1.html" title="Last updated on Dec 8, 2017, 4:28 AM GMT (eeac8d1)">Diff</a>

See https://github.com/w3c/webauthn/pull/710
Received on Wednesday, 13 December 2017 18:36:08 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:45 UTC