
Re: [webauthn] Add a way to use webauthn without Javascript (#1255)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 25 May 2020 09:57:32 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-633489734-1590400651-sysbot+gh@w3.org>
>prerendering old dynamic stuff, like challenge for registration forms.

You should never reuse a [`challenge`](https://www.w3.org/TR/2019/WD-webauthn-2-20191126/#dom-publickeycredentialcreationoptions-challenge), it should be uniquely generated for each registration/authentication ceremony. See [§13.4.1. Cryptographic Challenges](https://www.w3.org/TR/2019/WD-webauthn-2-20191126/#sctn-cryptographic-challenges) (and pardon me if I misinterpreted what you meant).

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1255#issuecomment-633489734 using your GitHub account
Received on Monday, 25 May 2020 09:57:33 UTC
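
The point made in the message above, as an added example that is not part of the original message or of the WebAuthn specification: a relying-party store that issues a fresh random challenge per ceremony and consumes it on first use, so a challenge prerendered into a form and submitted a second time is rejected. `ChallengeStore`, the session ids, the 300-second lifetime and the `example.test` origin are assumptions, and the clientDataJSON is constructed sample input.

```python
import base64, hmac, json, secrets, time

def b64url(data: bytes) -> str:
    # clientDataJSON carries the challenge as unpadded base64url
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class ChallengeStore:
    """Hypothetical server-side store: one pending challenge per session."""

    def __init__(self, ttl=300.0, clock=time.monotonic):  # ttl is an assumed value
        self._pending = {}  # session id -> (challenge, expiry time)
        self._ttl, self._clock = ttl, clock

    def issue(self, session_id: str) -> bytes:
        # Fresh CSPRNG output for every ceremony; replaces any earlier challenge.
        challenge = secrets.token_bytes(32)
        self._pending[session_id] = (challenge, self._clock() + self._ttl)
        return challenge

    def consume(self, session_id: str, client_data_json: bytes) -> bool:
        # pop() makes the challenge single-use, even when the check below fails.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return False
        challenge, expires = entry
        if self._clock() > expires:
            return False
        try:
            received = b64url_decode(json.loads(client_data_json)["challenge"])
        except (ValueError, KeyError, TypeError):
            return False
        # Only the challenge check; signature, origin and type checks are omitted.
        return hmac.compare_digest(received, challenge)

def sample_client_data(challenge: bytes) -> bytes:
    # Constructed stand-in for the clientDataJSON a browser would return.
    return json.dumps({"type": "webauthn.create", "challenge": b64url(challenge),
                       "origin": "https://example.test"}).encode()

def demo():
    store = ChallengeStore()
    first = store.issue("sess-A")
    accepted = store.consume("sess-A", sample_client_data(first))
    replayed = store.consume("sess-A", sample_client_data(first))  # same challenge again
    second = store.issue("sess-A")
    return accepted, replayed, first != second
```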
