W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

Re: [webauthn] Allow client to refuse too short challenges

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Apr 2018 16:50:37 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-378669091-1522860636-sysbot+gh@w3.org>
Mmm... I can't think of many reasons why anyone would ever want to decrease the length of a challenge. It does seem like it might be short-sighted to declare 16 good, 15 bad in a long-lived spec. However for interop, I'd hate if Firefox required 32 bytes but Chrome was okay with only 4.... This is not straightforward.

-- 
GitHub Notification of comment by jcjones
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/859#issuecomment-378669091 using your GitHub account
Received on Wednesday, 4 April 2018 16:50:45 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC