Re: [webauthn] Unclear whether compressed curve points need to be supported by RPs (#1447)

Lets also add language that you need to **explicitly validate** any public key to make sure it's on the curve to stop invalid curve attacks

GitHub Notification of comment by arianvp
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 1 July 2020 19:32:30 UTC