W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Specify what happens when the Client receives invalid CBOR

From: Angelo Liao via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Sep 2017 18:33:16 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-327574351-1504722786-sysbot+gh@w3.org>
After talking to @akshayku, I learned that the CTAP layer already has a way to handle malformed CBOR by erroring out. It's not necessary to do the same action on the web layer. CBOR will be validated when it is parsed and used. Outer layers should simply pass the CBOR bytes to the components that will consume. Outer layers shouldn’t know the details of the inner CBOR that might change over time.

Closing the issue. 

-- 
GitHub Notification of comment by AngeloKai
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/469#issuecomment-327574351 using your GitHub account
Received on Wednesday, 6 September 2017 18:33:18 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC