
Re: [webauthn] Should clients enforce challenge length? (#1115)

From: Philippe Le Hegaret via GitHub <sysbot+gh@w3.org>
Date: Thu, 06 Dec 2018 16:20:51 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-444931160-1544113249-sysbot+gh@w3.org>

This might be relevant for this issue:
Both Chrome and Firefox currently fulfill the promise if you use an empty ArrayBuffer for options.publicKey.challenge. The subtest at
https://github.com/web-platform-tests/wpt/blob/692ce5ae58a420893bd318e74b7e342a980b05a6/webauthn/createcredential-badargs-challenge.https.html#L20 .
As an aside, I believe the test is incorrect to expect a TypeError and instead should expect a SecurityError, if any.

-- 
GitHub Notification of comment by plehegar
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1115#issuecomment-444931160 using your GitHub account
Received on Thursday, 6 December 2018 16:20:52 UTC
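
Since the message above reports that browsers accept an empty challenge, a relying party can check the buffer itself before calling `navigator.credentials.create()`. The following is an added example, not code from the thread, the test suite or the WebAuthn API: `checkChallenge` and `challengeByteLength` are hypothetical helpers, the 16-byte minimum follows the spec's recommended challenge size, and the all-zero check is this example's own addition.

```javascript
// Added example: relying-party-side guard, not part of the WebAuthn API.
const MIN_CHALLENGE_BYTES = 16; // assumption: the spec's recommended minimum size

// Byte length of a BufferSource (ArrayBuffer, TypedArray or DataView),
// or -1 if the value is not a BufferSource at all.
function challengeByteLength(challenge) {
  if (challenge instanceof ArrayBuffer) return challenge.byteLength;
  // For a view, byteLength is the view's own length, not the backing buffer's.
  if (ArrayBuffer.isView(challenge)) return challenge.byteLength;
  return -1;
}

// Hypothetical helper: validate options.publicKey.challenge before the
// options object is handed to navigator.credentials.create() or get().
function checkChallenge(options, minBytes = MIN_CHALLENGE_BYTES) {
  const challenge = options && options.publicKey && options.publicKey.challenge;
  const len = challengeByteLength(challenge);
  if (len < 0) return { ok: false, reason: "challenge is not a BufferSource" };
  if (len === 0) return { ok: false, reason: "challenge is empty" };
  if (len < minBytes) {
    return { ok: false, reason: `challenge is ${len} bytes, need >= ${minBytes}` };
  }
  // Catch a buffer that was allocated but never filled with random bytes.
  const bytes = challenge instanceof ArrayBuffer
    ? new Uint8Array(challenge)
    : new Uint8Array(challenge.buffer, challenge.byteOffset, challenge.byteLength);
  if (bytes.every((b) => b === 0)) {
    return { ok: false, reason: "challenge is all zero bytes" };
  }
  return { ok: true, reason: "" };
}

// Constructed sample inputs (a real challenge comes from the server's CSPRNG).
const filled = Uint8Array.from({ length: 32 }, (_, i) => i + 1);
const samples = {
  empty: { publicKey: { challenge: new ArrayBuffer(0) } },   // the case from the message
  unfilled: { publicKey: { challenge: new ArrayBuffer(32) } },
  shortView: { publicKey: { challenge: new DataView(filled.buffer, 0, 8) } },
  good: { publicKey: { challenge: filled } },
};

for (const [name, opts] of Object.entries(samples)) {
  const r = checkChallenge(opts);
  console.log(name, r.ok ? "accepted" : `rejected: ${r.reason}`);
}
```
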
