Re: [webauthn] assertionChallenge recommendations

There is some mention of required randomness in [ยง13.1. Cryptographic Challenges][sec-cons], but I agree a recommended minimum length would be good.

Should we perhaps also specify that the browser MAY, SHOULD or MUST refuse a request if the challenge is shorter than the specified minimum? Thoughts on that?


GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Monday, 12 March 2018 13:29:38 UTC