Re: [webauthn] Clarify byte size requirements for UVI

There is no such section or spec that describes the requirements of authenticators for the UVI extension directly. But if you read the following, you may understand the way for authenticators to generate the UVI value. The spec describes the max length of the UVI value implicitly by defining FIDO Server requirements.

> Each UVI value must be specific to the related key (in order to provide unlinkability). It also must contain sufficient entropy that makes guessing impractical. UVI values must not be reused by the Authenticator (for other biometric data or users).

To make this clear, it would be better to provide the requirements for authenticators.
In short, the length of the UVI value is up to the authenticator but cannot exceed 32 bytes, and the UVI value should be sent to the FIDO server without any loss of data.

Regarding webauthn authenticators, since the webauthn spec does define extensions including UVI, I think webauthn authenticators supporting the UVI feature should meet such requirements.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/823#issuecomment-369084999 using your GitHub account

Received on Wednesday, 28 February 2018 01:10:01 UTC