W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

[webauthn] Pull Request: Allow client to refuse too short challenges

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Apr 2018 13:07:30 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-179384444-1522847248-sysbot+gh@w3.org>
emlun has just submitted a new pull request for https://github.com/w3c/webauthn:

== Allow client to refuse too short challenges ==
As suggested in https://github.com/w3c/webauthn/issues/85#issuecomment-372309459 . This would merge into #858.

This would allow clients to refuse challenges that are clearly suspicious in their soundness, although it wouldn't help enforce any requirements on the actual randomness of the contents.

This is potentially breaking, depending on perspective. Clients will not need to change, but they may if they want to. RPs will need to change if at least one client does.

I will not object to closing this if it doesn't seem like a good idea.

See https://github.com/w3c/webauthn/pull/859
Received on Wednesday, 4 April 2018 13:07:32 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC