Re: [webauthn] Add note about use of floating point in extensions passed through that clients do not recognize (#1307) from Emil Lundberg via GitHub on 2019-09-25 (public-webauthn@w3.org from September 2019)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 25 Sep 2019 08:35:11 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-534915401-1569400508-sysbot+gh@w3.org>

@peteroupc I don't think that should be a problem, at least for WebAuthn ceremonies. The RP has no direct control of the exact bytes being sent to the authenticator anyway (because the client can add random extra stuff to the CollectedClientData, for example), so you can't rely on the same input producing the exact same outputs even with deterministic signatures.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1307#issuecomment-534915401 using your GitHub account

Received on Wednesday, 25 September 2019 08:35:12 UTC