Re: [webauthn] truncation to 64-byte upper limit doesn't mention character boundaries

As a browser, we're not going to trust the data coming from an authenticator. So even if the spec says that the authenticator must handle UTF-8 correctly and truncate only whole code points, we're still going to UTF-8 validate the data and handle abrupt truncation. So the authenticator might as well not bother.

On the other hand, knowing that the string was truncated would be useful.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/973#issuecomment-404607021 using your GitHub account

Received on Thursday, 12 July 2018 18:29:02 UTC
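
The handling described in the comment above, as an added example that is not part of the original message and is not code from any browser or from the WebAuthn spec: the receiving side validates authenticator-supplied bytes as UTF-8 itself and tolerates a string cut in the middle of a code point. The function names, the result shape and the sample input are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not browser or spec code.
const MAX_BYTES = 64; // the 64-byte upper limit discussed in the issue

// Expected sequence length for a UTF-8 lead byte, 0 if it is not a valid lead.
function sequenceLength(b) {
  if (b < 0x80) return 1;
  if (b >= 0xc2 && b <= 0xdf) return 2;
  if (b >= 0xe0 && b <= 0xef) return 3;
  if (b >= 0xf0 && b <= 0xf4) return 4;
  return 0; // continuation byte or invalid lead
}

// Number of trailing bytes that form an incomplete sequence (0 if none).
function incompleteTailLength(bytes) {
  for (let back = 1; back <= 3 && back <= bytes.length; back++) {
    const b = bytes[bytes.length - back];
    if ((b & 0xc0) === 0x80) continue; // continuation byte, keep looking back
    return sequenceLength(b) > back ? back : 0;
  }
  return 0;
}

// Validate untrusted bytes (a Uint8Array) regardless of what the sender promises.
// A cut that falls exactly on a code-point boundary cannot be detected from
// the bytes alone, so cutMidCodePoint only reports the abrupt case.
function decodeAuthenticatorString(bytes) {
  const rejected = { ok: false, text: null, cutMidCodePoint: false };
  if (bytes.length > MAX_BYTES) return rejected;
  const tail = incompleteTailLength(bytes);
  const body = bytes.subarray(0, bytes.length - tail);
  try {
    // fatal: true makes the decoder throw on any invalid sequence
    // instead of substituting U+FFFD.
    const text = new TextDecoder("utf-8", { fatal: true }).decode(body);
    return { ok: true, text, cutMidCodePoint: tail > 0 };
  } catch {
    return rejected;
  }
}

// Constructed sample: 62 ASCII bytes plus a 3-byte "€", cut at 64 bytes.
function constructedSample() {
  const full = new TextEncoder().encode("a".repeat(62) + "\u20ac");
  return full.subarray(0, MAX_BYTES); // ends with E2 82, missing AC
}
```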