[webauthn] Specify what happens when the Client receives invalid CBOR

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Sun, 21 May 2017 04:47:05 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-230196770-1495342024-sysbot+gh@w3.org>

jyasskin has just created a new issue for https://github.com/w3c/webauthn:

== Specify what happens when the Client receives invalid CBOR ==
Similar to https://github.com/fido-alliance/fido-2-specs/issues/238, WebAuthn needs to specify what the Client does (and maybe what the Relying Party should do) when it gets invalid CBOR from an Authenticator. For example, the [attestation data](https://w3c.github.io/webauthn/#sec-attestation-data) includes a CBOR map, which can be malformed in 3 ways:
1. It might not be a CBOR map.
2. The CBOR map might have an indefinite length.
3. The CBOR map might have a key listed twice.
4. (If we specify [a subset of canonical CBOR](https://github.com/w3c/webauthn/issues/455), the keys might not be in order.)

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/469 using your GitHub account
Received on Sunday, 21 May 2017 04:47:23 UTC
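
A structural check for the malformations listed in the issue above, run over the raw bytes before any decoding; this is an added example, not part of the original message or of the WebAuthn specification. The function names and reason codes are this example's own, and the ordering rule it assumes is the RFC 7049 section 3.9 canonical one (shorter encoded key first, then bytewise order).

```python
def _head(buf, pos):  # -> (major type, argument, offset after the head)
    if pos >= len(buf):
        raise ValueError("truncated")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info < 24:
        return major, info, pos + 1
    if info > 27:  # 31 = indefinite length or break, 28-30 = reserved
        raise ValueError("indefinite-length" if info == 31 else "reserved-encoding")
    end = pos + 1 + (1 << (info - 24))  # 1, 2, 4 or 8 argument bytes
    if end > len(buf):
        raise ValueError("truncated")
    return major, int.from_bytes(buf[pos + 1:end], "big"), end

def _skip(buf, pos):  # -> offset just past one definite-length data item
    major, arg, pos = _head(buf, pos)
    if major in (2, 3):  # byte or text string payload
        pos += arg
        if pos > len(buf):
            raise ValueError("truncated")
    for _ in range({4: arg, 5: 2 * arg, 6: 1}.get(major, 0)):
        pos = _skip(buf, pos)  # array items, map key/value pairs, tagged item
    return pos

def check_map(buf, canonical=False):
    """Return "ok" or a reason code (names are this example's own)."""
    try:
        major, count, pos = _head(buf, 0)
        if major != 5:
            return "not-a-map"
        seen = []
        for _ in range(count):
            end = _skip(buf, pos)
            key = bytes(buf[pos:end])  # keys are compared as encoded bytes
            if key in seen:
                return "duplicate-key"
            if canonical and seen and (len(key), key) < (len(seen[-1]), seen[-1]):
                return "keys-out-of-order"
            seen.append(key)
            pos = _skip(buf, end)
    except ValueError as err:
        return str(err)
    except RecursionError:  # hostile input nested deeper than the interpreter allows
        return "nesting-too-deep"
    return "ok"

# Constructed sample encodings, keyed by the result expected with canonical=True.
SAMPLES = {"ok": "a201020326", "not-a-map": "820102", "indefinite-length": "bf0102ff",
           "duplicate-key": "a201020103", "keys-out-of-order": "a203260102"}
```

Keys are compared by their encoded bytes, so the same integer key encoded once in shortest form and once in a longer form is not reported as a duplicate unless shortest-form heads are also enforced.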