As has been discussed in the corresponding FIDO 2.0 CTAP issue https://github.com/fido-alliance/fido-2-specs/issues/200, the recipient can't assume that the content is canonical CBOR even if it's specified that it must be. That imposes additional validation steps that the authenticator must perform that otherwise would not be necessary. This seems like a "false savings" to me, as many of the canonicalization features add no value for this use case. -- GitHub Notification of comment by selfissued Please view or discuss this issue at https://github.com/w3c/webauthn/issues/455#issuecomment-328679610 using your GitHub accountReceived on Monday, 11 September 2017 22:43:07 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC