W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2018

Re: [webauthn] assertionChallenge recommendations

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 12 Mar 2018 13:29:35 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-372309459-1520861374-sysbot+gh@w3.org>
There is some mention of required randomness in [ยง13.1. Cryptographic Challenges][sec-cons], but I agree a recommended minimum length would be good.

Should we perhaps also specify that the browser MAY, SHOULD or MUST refuse a request if the challenge is shorter than the specified minimum? Thoughts on that?

[sec-cons]: https://w3c.github.io/webauthn/#cryptographic-challenges

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/85#issuecomment-372309459 using your GitHub account
Received on Monday, 12 March 2018 13:29:38 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:31 UTC