[webauthn] Unspecified CBOR encoding of integer numbers above a threshold from Peter Occil via GitHub on 2018-08-17 (public-webauthn@w3.org from August 2018)

From: Peter Occil via GitHub <sysbot+gh@w3.org>
Date: Fri, 17 Aug 2018 23:48:05 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-351769440-1534549684-sysbot+gh@w3.org>

peteroupc has just created a new issue for https://github.com/w3c/webauthn:

== Unspecified CBOR encoding of integer numbers above a threshold ==
Section 9 contains the following text:

> When the JavaScript value is a non-integer number, it is converted to a 64-bit CBOR floating point number. Otherwise, when the JavaScript type corresponds to a JSON type, the conversion is done using the rules defined in Section 4.2 of [RFC7049] (Converting from JSON to CBOR), but operating on inputs of JavaScript type values rather than inputs of JSON type values.

However, because section 4.2 says the following:

> JSON numbers without fractional parts (integer numbers) are represented as integers ...; integers longer than *an implementation-defined threshold* (which is usually either 32 or 64 bits) may instead be represented as floating-point values.

and section 9 doesn't specify an implementation-defined threshold, then CBOR canonicalization is not possible if those integers are present &mdash; as a result it is not specified how integers greater than "an implementation-defined threshold" (2<sup>32</sup>? 2<sup>31</sup>? 2<sup>64</sup>? some other threshold?) should be encoded (as integers? as floating-point numbers?).

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1044 using your GitHub account

Received on Friday, 17 August 2018 23:48:06 UTC