W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2018

[webauthn] Merged Pull Request: Fix #593: employ PRECIS RFC8264 et al for 'name'-ish domstring values

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 13 Jul 2018 00:57:04 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.closed-194963595-1531443422-sysbot+gh@w3.org>
equalsJeffH has just merged equalsJeffH's pull request 951 for https://github.com/w3c/webauthn:

== Fix #593: employ PRECIS RFC8264 et al for 'name'-ish domstring values ==
I suggest this PR as an alternative to PR #878.  In my review of the latter, and of PRECIS RFCs 8264, 8265, 8266, it seems that we ought to provide more fine-grained guidance regarding employing PRECIS to "corral" RP- and user-supplied "name"-ish strings.  See discussion in both issue #593 and pr #878.

cc @stpeter

fixes #593

This does not (as yet) address #593 because the latter issue touches on two aspects to the overall issue:
1. corralling the unicode content of the "name"-ish domstrings
2. providing implementer guidance regarding how to display/present these string values in order to mitigate effects of possibly malicious string content.

Originally, this PR addressed only item 1, above. 
Now (11-Jul-2018) it also addresses item 2, see commit 4ddc3c0 and https://github.com/w3c/webauthn/pull/951#issuecomment-404334287.


<!--
    This comment and the below content is programatically generated.
    You may add a comma-separated list of anchors you'd like a
    direct link to below (e.g. #idl-serializers, #idl-sequence):

    Don't remove this comment or modify anything below this line.
    If you don't want a preview generated for this pull request,
    just replace the whole of this comment's content by "no preview"
    and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/pull/951.html" title="Last updated on Jul 11, 2018, 10:51 PM GMT (4ddc3c0)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/951/ca80875...4ddc3c0.html" title="Last updated on Jul 11, 2018, 10:51 PM GMT (4ddc3c0)">Diff</a>

See https://github.com/w3c/webauthn/pull/951
Received on Friday, 13 July 2018 00:57:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:52 UTC