Re: [webauthn] Should clients enforce challenge length? (#1115) from Philippe Le Hegaret via GitHub on 2018-12-06 (public-webauthn@w3.org from December 2018)

From: Philippe Le Hegaret via GitHub <sysbot+gh@w3.org>
Date: Thu, 06 Dec 2018 16:20:51 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-444931160-1544113249-sysbot+gh@w3.org>

This might relevant for this issue:
Both Chrome and Firefox currently fulfill the promise if you use an empty ArrayBuffer for options.publicKey.challenge . The subtest at
https://github.com/web-platform-tests/wpt/blob/692ce5ae58a420893bd318e74b7e342a980b05a6/webauthn/createcredential-badargs-challenge.https.html#L20 .
As a side, I believe the test is incorrect to expect a TypeError and instead should expect a SecurityError, if any.

-- 
GitHub Notification of comment by plehegar
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1115#issuecomment-444931160 using your GitHub account

Received on Thursday, 6 December 2018 16:20:52 UTC