W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

[webauthn] Closed Pull Request: Allow client to refuse too short challenges

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 11 Apr 2018 17:23:00 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.closed-179384444-1523467373-sysbot+gh@w3.org>
emlun has just closed emlun's pull request 859 for https://github.com/w3c/webauthn:

== Allow client to refuse too short challenges ==
As suggested in https://github.com/w3c/webauthn/issues/85#issuecomment-372309459 . This would merge into #858.

This would allow clients to refuse challenges that are clearly suspicious in their soundness, although it wouldn't help enforce any requirements on the actual randomness of the contents.

This is potentially breaking, depending on perspective. Clients will not need to change, but they may if they want to. RPs will need to change if at least one client does.

I will not object to closing this if it doesn't seem like a good idea.


<!--
    This comment and the below content is programatically generated.
    You may add a comma-separated list of anchors you'd like a
    direct link to below (e.g. #idl-serializers, #idl-sequence):

    Don't remove this comment or modify anything below this line.
    If you don't want a preview generated for this pull request,
    just replace the whole of this comment's content by "no preview"
    and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/emlun/webauthn/pull/859.html" title="Last updated on Apr 4, 2018, 1:07 PM GMT (77a126a)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/859/c0fc950...emlun:77a126a.html" title="Last updated on Apr 4, 2018, 1:07 PM GMT (77a126a)">Diff</a>

See https://github.com/w3c/webauthn/pull/859
Received on Wednesday, 11 April 2018 17:23:02 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC