W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

Re: [webauthn] Allow client to refuse too short challenges

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Apr 2018 16:50:37 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-378669091-1522860636-sysbot+gh@w3.org>
Mmm... I can't think of many reasons why anyone would ever want to decrease the length of a challenge. It does seem like it might be short-sighted to declare 16 good, 15 bad in a long-lived spec. However for interop, I'd hate if Firefox required 32 bytes but Chrome was okay with only 4.... This is not straightforward.

GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/859#issuecomment-378669091 using your GitHub account
Received on Wednesday, 4 April 2018 16:50:45 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC