- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Mon, 10 Sep 2018 14:08:53 +0000
- To: public-webauthn@w3.org
emlun has just created a new issue for https://github.com/w3c/webauthn: == Verify signature first in RP operations? == It's good hygiene in cryptographic operations to [verify signatures before doing anything else][doom]. The [RP Operations][rp] currently list verifying the signature as one of the last steps. Should we rearrange the RP Operations steps to verify the signature as early as possible? Doing this would not break any compatibility since this is all RP implementation details. [doom]: https://moxie.org/blog/the-cryptographic-doom-principle/ [rp]: https://w3c.github.io/webauthn/#rp-operations Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1064 using your GitHub account
Received on Monday, 10 September 2018 14:08:55 UTC