Re: [webauthn] JSON-serialized client data is wrong

@emlun wrote https://github.com/w3c/webauthn/issues/712#issuecomment-367763772
> I think we should instead not reference the ECMAScript API at all for this. This part of the spec does not define actions to take by JavaScript code running in the client, rather it specifies behaviour internal to the client.

even tho you later retracted the above, just to clarify, I'll note that "this part of the spec", i.e. both `[[Create]]` and `[[DiscoverFromExternalSource]]` algorithms, are explicitly defining "behaviour internal to the client", i.e., the browser.  [ Hence, RP folk do not necessarily need to read or understand them. Hence PR #375 ]

@emlun later wrote https://github.com/w3c/webauthn/issues/712#issuecomment-368177185
> I'll retract my previous idea of eliminating the reference to the ECMAScript API. I think it probably is best to keep that, so we don't have to repeat a definition of how to serialize the JavaScript object to JSON.

whew, agreed :)

@selfissued https://github.com/w3c/webauthn/issues/712#issuecomment-368183899
> Rather than closing it, I'd rather that we changed the milestone because there are substantive details lurking here that we should try to get right.

Nominally agreed, tho if what we have in there now is "good enough" for PR and Recommendation maturity-levels (I spose we'll find out), then we may not want to gate those milestones on updating both https://infra.spec.whatwg.org/ and https://tc39.github.io/ecma262/.






-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/712#issuecomment-368676039 using your GitHub account

Received on Monday, 26 February 2018 22:37:12 UTC