- From: Mike Jones via GitHub <sysbot+gh@w3.org>
- Date: Mon, 11 Sep 2017 22:43:14 +0000
- To: public-webauthn@w3.org
As has been discussed in the corresponding FIDO 2.0 CTAP issue https://github.com/fido-alliance/fido-2-specs/issues/200, the recipient can't assume that the content is canonical CBOR even if it's specified that it must be. That imposes additional validation steps that the authenticator must perform that otherwise would not be necessary. This seems like a "false savings" to me, as many of the canonicalization features add no value for this use case. -- GitHub Notification of comment by selfissued Please view or discuss this issue at https://github.com/w3c/webauthn/issues/455#issuecomment-328679610 using your GitHub account
Received on Monday, 11 September 2017 22:43:07 UTC