[webauthn] Pull Request: Allow client to refuse too short challenges

emlun has just submitted a new pull request for https://github.com/w3c/webauthn:

== Allow client to refuse too short challenges ==
As suggested in https://github.com/w3c/webauthn/issues/85#issuecomment-372309459 . This would merge into #858.

This would allow clients to refuse challenges that are clearly suspicious in their soundness, although it wouldn't help enforce any requirements on the actual randomness of the contents.

This is potentially breaking, depending on perspective. Clients will not need to change, but they may if they want to. RPs will need to change if at least one client does.

I will not object to closing this if it doesn't seem like a good idea.

See https://github.com/w3c/webauthn/pull/859
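
A sketch of the client-side check this pull request describes, as an added example that is not part of the pull request or the specification; the 16-byte minimum and all function names are assumptions. The zero-filled case shows the limitation noted above: a client can check length, but not randomness.

```javascript
// Added illustration; not code from the WebAuthn spec or from the pull request.
// MIN_CHALLENGE_BYTES is an assumed threshold; the page does not state one.
const MIN_CHALLENGE_BYTES = 16;

// WebAuthn passes the challenge as a BufferSource: an ArrayBuffer or a view
// (typed array / DataView). Return its length in bytes, or -1 if it is neither.
// For a view, byteLength is the view's own length, not the backing buffer's.
function challengeByteLength(challenge) {
  if (challenge instanceof ArrayBuffer || ArrayBuffer.isView(challenge)) {
    return challenge.byteLength;
  }
  return -1;
}

// Hypothetical client-side gate run before the request reaches an authenticator.
function checkChallenge(options, minBytes = MIN_CHALLENGE_BYTES) {
  const len = challengeByteLength(options && options.challenge);
  if (len < 0) return { ok: false, reason: "challenge is not a BufferSource" };
  if (len < minBytes) {
    return { ok: false, reason: `challenge is ${len} bytes, need at least ${minBytes}` };
  }
  return { ok: true, reason: null };
}

// Constructed sample requests from hypothetical RPs.
function demo() {
  return {
    // RP that would have to change once a client enforces the minimum.
    shortRp: checkChallenge({ challenge: new Uint8Array(8) }),
    // 8-byte view onto a 64-byte buffer: still only 8 challenge bytes.
    viewRp: checkChallenge({ challenge: new Uint8Array(new ArrayBuffer(64), 0, 8) }),
    // Plain ArrayBuffer of sufficient length is accepted.
    longRp: checkChallenge({ challenge: new ArrayBuffer(32) }),
    // Long enough but all zeros: passes, because only length is checked.
    zeroRp: checkChallenge({ challenge: new Uint8Array(16) }),
    // A string (e.g. un-decoded base64url) is not a BufferSource.
    stringRp: checkChallenge({ challenge: "AAAAAAAAAAAAAAAAAAAAAA" }),
  };
}
```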

Received on Wednesday, 4 April 2018 13:07:32 UTC