- From: Mike Jones via GitHub <sysbot+gh@w3.org>
- Date: Wed, 13 Dec 2017 18:36:01 +0000
- To: public-webauthn@w3.org
selfissued has just merged agl's pull request 710 for https://github.com/w3c/webauthn:
== Specify that SHA-256 is used for hashing the client data. ==
Previously, the client could choose any "recognized algorithm name" for
hashing, but RPs need to know which hash function(s) to support.
Rather than choose a set of hash functions and add implementation burden
for no clear reason, this change specifies that SHA-256 will be used.
Should we need to revisit this, we can spin a new version of the spec:
the RP can signal support for other algorithms via
`PublicKeyCredentialType` and the hashAlgorithm member can be readded to
the JSON to indicate when a new hash function was added.
Fixes #362.
<!--
This comment and the below content is programatically generated.
You may add a comma-separated list of anchors you'd like a
direct link to below (e.g. #idl-serializers, #idl-sequence):
Don't remove this comment or modify anything below this line.
If you don't want a preview generated for this pull request,
just replace the whole of this comment's content by "no preview"
and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/agl/webauthn/pull/710.html" title="Last updated on Dec 8, 2017, 4:28 AM GMT (eeac8d1)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/710/12f2d09...agl:eeac8d1.html" title="Last updated on Dec 8, 2017, 4:28 AM GMT (eeac8d1)">Diff</a>
See https://github.com/w3c/webauthn/pull/710
Received on Wednesday, 13 December 2017 18:36:08 UTC