[webauthn] Specify what happens when the Client receives invalid CBOR

jyasskin has just created a new issue for https://github.com/w3c/webauthn:

== Specify what happens when the Client receives invalid CBOR ==
Similar to https://github.com/fido-alliance/fido-2-specs/issues/238, WebAuthn needs to specify what the Client does (and maybe what the Relying Party should do) when it gets invalid CBOR from an Authenticator. For example, the [attestation data](https://w3c.github.io/webauthn/#sec-attestation-data) includes a CBOR map, which can be malformed in 3 ways:
1. It might not be a CBOR map.
2. The CBOR map might have an indefinite length.
3. The CBOR map might have a key listed twice.
4. (If we specify [a subset of canonical CBOR](https://github.com/w3c/webauthn/issues/455), the keys might not be in order.)

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/469 using your GitHub account

Received on Sunday, 21 May 2017 04:47:23 UTC
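
Added example (not part of the original issue or of the WebAuthn specification): a strict Python check for the malformations the issue lists, returning the reason a Client could use to reject the data. The function names are hypothetical, and the key-order rule applied when `require_sorted` is set is the RFC 7049 section 3.9 canonical ordering, assumed here because the issue leaves the subset open.

```python
def _head(buf, pos):
    """Decode the item head at pos -> (major type, argument, offset after head)."""
    if pos >= len(buf):
        raise ValueError("truncated")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info == 31:
        raise ValueError("indefinite length")
    if info > 27:
        raise ValueError("reserved additional information")
    end = pos + 1 + (0 if info < 24 else 1 << (info - 24))  # 0, 1, 2, 4 or 8 bytes
    if end > len(buf):
        raise ValueError("truncated")
    return major, (info if info < 24 else int.from_bytes(buf[pos + 1:end], "big")), end

def _skip(buf, pos):
    """Return the offset just past the complete data item starting at pos."""
    major, arg, pos = _head(buf, pos)
    if major in (2, 3):                      # byte/text string payload
        pos += arg
    elif major in (4, 5, 6):                 # array, map, tag: nested items
        for _ in range({4: arg, 5: 2 * arg, 6: 1}[major]):
            pos = _skip(buf, pos)
    if pos > len(buf):
        raise ValueError("truncated")
    return pos

def map_problem(buf, require_sorted=False):
    """None for a well-formed definite-length map, else the reason (order: RFC 7049 3.9, assumed)."""
    try:
        if not buf or buf[0] >> 5 != 5:
            return "not a map"
        _, count, pos = _head(buf, 0)
        seen, prev = set(), None
        for _ in range(count):
            major, arg, body = _head(buf, pos)
            end = _skip(buf, pos)
            ident = (major, arg, bytes(buf[body:end]))   # decoded: 0x01 == 0x18 0x01
            if ident in seen:
                return "duplicate key"
            enc = bytes(buf[pos:end])
            if require_sorted and prev and (len(enc), enc) < (len(prev), prev):
                return "keys out of order"
            seen.add(ident)
            prev, pos = enc, _skip(buf, end)     # step over the value
        return None
    except (ValueError, RecursionError) as exc:
        return str(exc)

# Constructed sample: {1: 2, 3: -7}, definite length, keys in order.
SAMPLE_OK = bytes.fromhex("a201020326")
```

Bytes that follow the map are not examined, and integer or string keys are compared after decoding, so a non-minimal re-encoding of an existing key is still reported as a duplicate.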