Re: [webauthn] Fix #593: employ PRECIS RFC8264 et al for 'name'-ish domstring values

thx @stpeter & @aphillips 

Ok, so if I interpret the above comments correctly, having the guidance in the spec whereas servers and clients SHOULD apply PRECIS to those name-ish strings, is nominally OK?

WRT the other portion of issue #593 ..
> 2. providing implementer guidance regarding how to display/present these string values in order to mitigate effects of possibly malicious string content.

..we could as @jcjones suggests concoct some modest _guidance/advice_ to "...always use UI elements to provide a clear boundary around these strings, and **not allow overflow into other elements**, etc."  ?    (the latter is [the crux of the feedback]( that @jcjones got from @zbraniecki)

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 27 June 2018 16:41:43 UTC