[webauthn] new commits pushed by equalsJeffH from =JeffH via GitHub on 2019-10-29 (public-webauthn@w3.org from October 2019)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Tue, 29 Oct 2019 22:16:16 +0000
To: public-webauthn@w3.org
Message-ID: <push-428bf827db5fa8d45865fcce7a41427bf910ee2f-1572387375-sysbot+gh@w3.org>

The following commits were just pushed by equalsJeffH to https://github.com/w3c/webauthn:

* Truncate strings for authenticators where needed. (#1316)

* Truncate strings for authenticators where needed.

There exist a significant number of authenticators that do not conform
to the current WebAuthn requirements in that they fail requests with
name/displayName strings longer than 64 bytes, rather than truncating
them.

This change adds a new requirement on user-agents that they maintain the
authenticator model for RPs by doing the truncation on their behalf in
this case. The alternative is that each RP will hit this edge-case and
do the truncation itself, thus the ecosystem will never be able to
support longer strings.

Since user-agents may now be doing truncation, this change also permits
truncation at the level of grapheme clusters (since user-agents
presumably have Unicode tables available).

Fixes #1296.

* Address Jeff and Emil's comments.
  by Adam Langley
https://github.com/w3c/webauthn/commit/428bf827db5fa8d45865fcce7a41427bf910ee2f

Received on Tuesday, 29 October 2019 22:16:17 UTC