W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2022

Re: [webauthn] Provide request deserialization, response serialization (#1683)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Tue, 11 Jan 2022 21:14:03 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1010364373-1641935641-sysbot+gh@w3.org>
> Another concern is how extensions which use ArrayBuffer for input need to be documented. For example the credBlob extension input is ArrayBuffer rather than JSON. This means that the optionsFromJSON method would need to be "extension aware", which is new behaviour. Not sure if there are any other extensions with this characteristic.

Extensions are what made me prefer a binary CBOR block vs attempting to structure information as JSON - the binary aspect of CBOR means that the browser has to be aware of the format of all extensions it is willing to support.

That said - I believe browsers are all currently white-listing extensions, which means that they can ignore the formatting/validity of requested extensions they do not understand.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1683#issuecomment-1010364373 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 11 January 2022 21:14:04 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:44 UTC