W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2017

Re: [webauthn] Exception handling in cryptoParameters processing needs to be clarified

From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
Date: Mon, 06 Mar 2017 16:27:34 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-284449429-1488817653-sysbot+gh@w3.org>
Yes. To be more complete, the intention is:
- Algorithms need not be specified by the RP, if it is happy to deal 
with the default settings of clients and maybe break in unusual cases.
 So if no crypto parameters are specified, things should still just 
work.
- However, if an RP specifies algorithms, then it clearly cares about 
which algorithms it gets. In this case the client should try not to 
return something that does not fit the RP's specified parameters.

So, when processing algorithms in the case that the RP has actually 
specified some:
- If normalizing an algorithm fails, just ignore it and go to the next
 one. There will be new algorithms over time so it is not that 
unlikely there will be an algorithm the client does not understand.
- If none of the algorithms could be normalized, then we have zero 
intersection between what the RP wants and the client can do. In this 
case we should fail. Otherwise, the client should just use one of the 
algorithms it understands.

Of course we still have issue #267 to clean up this text, but I'm sure
 the wording can be improved further. Any suggestions or pointers 
would be welcome.

-- 
GitHub Notification of comment by vijaybh
Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/264#issuecomment-284449429 
using your GitHub account
Received on Monday, 6 March 2017 16:27:41 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:25 UTC