Re: [webauthn] Specify if clients are expected to follow redirects for icon URLs (#1285)

> Perhaps the right thing to do here is to amend the definition for these icons to specify that these are only valid if they are `data:` URLs of a valid image type.

In that case, it would be nice to specify a more reasonable expectation than 128 bytes of storage for the icon.

128 bytes is reasonable for a URL, but squeezing icons into 128 `data:` bytes is basically futile. A recommended target of 4K or 8K is somewhat doable. (Perhaps it could be specified like `srcset`, offering a large image for computer/phone-side authenticator storage with lots of space vs.small one for space-constrained on-key storage.)

-- 
GitHub Notification of comment by lgarron
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1285#issuecomment-525909822 using your GitHub account

Received on Wednesday, 28 August 2019 20:29:44 UTC