- From: Vijay Bharadwaj via GitHub <sysbot+gh@w3.org>
- Date: Mon, 06 Mar 2017 16:27:34 +0000
- To: public-webauthn@w3.org

Yes. To be more complete, the intention is:

- Algorithms need not be specified by the RP, if it is happy to deal with the default settings of clients and maybe break in unusual cases. So if no crypto parameters are specified, things should still just work.
- However, if an RP specifies algorithms, then it clearly cares about which algorithms it gets. In this case the client should try not to return something that does not fit the RP's specified parameters.

So, when processing algorithms in the case that the RP has actually specified some:

- If normalizing an algorithm fails, just ignore it and go to the next one. There will be new algorithms over time so it is not that unlikely there will be an algorithm the client does not understand.
- If none of the algorithms could be normalized, then we have zero intersection between what the RP wants and the client can do. In this case we should fail. Otherwise, the client should just use one of the algorithms it understands.

Of course we still have issue #267 to clean up this text, but I'm sure the wording can be improved further. Any suggestions or pointers would be welcome.

--
GitHub Notification of comment by vijaybh

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/264#issuecomment-284449429 using your GitHub account
Received on Monday, 6 March 2017 16:27:41 UTC
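
The processing rules described in the message above, sketched as an added example (not code from the WebAuthn specification or from the message's author). The function names, the supported-algorithm table, the default list, the case-insensitive name match, and the choice to treat an empty list as "nothing specified" are all assumptions made for illustration.

```javascript
// Hypothetical client-side algorithm selection following the intent in the message.
// Constructed table of algorithm names this example client understands.
const CLIENT_SUPPORTED = new Map([
  ["ES256", { name: "ES256" }],
  ["RS256", { name: "RS256" }],
]);
// Constructed client default, used only when the RP specifies nothing.
const CLIENT_DEFAULT = [{ name: "ES256" }];

// Normalize one RP-supplied identifier (a string or an object with a name).
// Throws for anything the client does not understand, including malformed entries.
function normalizeAlgorithm(alg) {
  const name = typeof alg === "string" ? alg : alg && alg.name;
  const key = typeof name === "string" ? name.toUpperCase() : undefined;
  if (!CLIENT_SUPPORTED.has(key)) {
    throw new Error(`cannot normalize algorithm: ${String(name)}`);
  }
  return CLIENT_SUPPORTED.get(key);
}

// Returns the algorithms the client may use, plus the RP entries it skipped
// so the caller can log them.
function selectAlgorithms(rpAlgorithms) {
  // RP expressed no preference (assumption: an empty list counts as none).
  if (rpAlgorithms == null || rpAlgorithms.length === 0) {
    return { algorithms: CLIENT_DEFAULT, ignored: [] };
  }
  const algorithms = [];
  const ignored = [];
  for (const alg of rpAlgorithms) {
    try {
      algorithms.push(normalizeAlgorithm(alg));
    } catch (e) {
      // Unknown or future algorithm: ignore it and go to the next one.
      ignored.push(alg);
    }
  }
  if (algorithms.length === 0) {
    // Zero intersection between what the RP wants and what the client can do:
    // fail rather than silently falling back to the client default.
    const err = new Error("no RP-specified algorithm is supported by this client");
    err.name = "NotSupportedError";
    throw err;
  }
  return { algorithms, ignored };
}
```

The point of the last branch is that an RP which pins algorithms never receives a credential made with one it did not list, even when every entry is unknown to the client.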