Re: [webauthn] Add instructions for passing unknown extensions to authenticators

Agree with @selfissued's feature-flag suggestion: https://github.com/w3c/webauthn/pull/789#issuecomment-364536969

Perhaps a Note is warranted?

Otherwise text seems OK, tho as @agl notes, RPs can send arbitrary (CBOR-encoded) data to authenticators, if this functionality is enabled.  FWIW, this threat _is_ addressed in the FIDO Security Reference: T-1.4.9, T-1.4.30.

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/789#issuecomment-365018078 using your GitHub account

Received on Monday, 12 February 2018 18:34:09 UTC