W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] Fix #593: employ PRECIS RFC8264 et al for 'name'-ish domstring values

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 Jun 2018 16:41:38 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-400747725-1530117697-sysbot+gh@w3.org>
thx @stpeter & @aphillips 

Ok, so if I interpret the above comments correctly, having the guidance in the spec whereas servers and clients SHOULD apply PRECIS to those name-ish strings, is nominally OK?

WRT the other portion of issue #593 ..
> 2. providing implementer guidance regarding how to display/present these string values in order to mitigate effects of possibly malicious string content.

..we could as @jcjones suggests concoct some modest _guidance/advice_ to "...always use UI elements to provide a clear boundary around these strings, and **not allow overflow into other elements**, etc."  ?    (the latter is [the crux of the feedback](https://github.com/w3c/webauthn/issues/593#issuecomment-369402225) that @jcjones got from @zbraniecki)

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/951#issuecomment-400747725 using your GitHub account
Received on Wednesday, 27 June 2018 16:41:43 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC