[webauthn] Pull Request: Truncate strings for authenticators where needed. from Adam Langley via GitHub on 2019-10-15 (public-webauthn@w3.org from October 2019)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Tue, 15 Oct 2019 18:19:08 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-328401724-1571163546-sysbot+gh@w3.org>

agl has just submitted a new pull request for https://github.com/w3c/webauthn:

== Truncate strings for authenticators where needed. ==
There exist a significant number of authenticators that do not conform
to the current WebAuthn requirements in that they fail requests with
name/displayName strings longer than 64 bytes, rather than truncating
them.

This change adds a new requirement on user-agents that they maintain the
authenticator model for RPs by doing the truncation on their behalf in
this case. The alternative is that each RP will hit this edge-case and
do the truncation itself, thus the ecosystem will never be able to
support longer strings.

Since user-agents may now be doing truncation, this change also permits
truncation at the level of grapheme clusters (since user-agents
presumably have Unicode tables available).

Fixes #1296.

See https://github.com/w3c/webauthn/pull/1316

Received on Tuesday, 15 October 2019 18:19:09 UTC