Re: [webauthn] Certain issues in client extension pass-through specification (#1273) from Peter Occil via GitHub on 2019-08-10 (public-webauthn@w3.org from August 2019)

From: Peter Occil via GitHub <sysbot+gh@w3.org>
Date: Sat, 10 Aug 2019 06:50:41 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-520123892-1565419840-sysbot+gh@w3.org>

In that case, this issue is also related to #1044, in that there is no unambiguous way to "detect whether a [JavaScript `Number`] value is an integer"  And this matters for canonicalization purposes (neither WebAuthn nor RFC7049 clarify this matter sufficiently for such purposes).  For example, CBOR integers can store only integers in [-(2^64), 2^64 - 1], not all integers representable in a JavaScript `Number`.  Likewise, 32- and 64-bit signed and unsigned integers cannot represent all integers representable in a JavaScript `Number`.  On the other hand, JavaScript `Number`s can represent all integers in [-(2^53), 2^53], but not all integers in, say, [-(2^64), 2^64].  This results in several plausible choices for the threshold below which integer `Number`s are converted to CBOR integers (e.g., 2^53, 2^64, and 2^32).  My suggested solution avoids this problem by referring to _types_, not _numbers_.

-- 
GitHub Notification of comment by peteroupc
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1273#issuecomment-520123892 using your GitHub account

Received on Saturday, 10 August 2019 06:50:43 UTC