Re: [webauthn] New PublicKeyCredential methods for JSON (de)serialization (#1703)

> @dwaite I'm aware of that. I was indeed referring to a raw JSON String, not the parsed object. I think it would be rather trivial to utf-8 encode it on the server side (instead of base64 decoding it) to get the correct byte array for signature verification.

Unicode normalization forms would be the issue here, not utf-8 encoding (I would expect the JSON to already be UTF-8 encoded).

The only way this works AFAIK would be if the client and the server (either through normalization step or intermediary transport guarantees) represented that string in Unicode normalization form C, for the purposes of re-creating the byte stream accurately from the unicode text.

I personally don't think such a requirement is worth saving a few bytes on the wire.

GitHub Notification of comment by dwaite
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Sunday, 19 June 2022 07:08:35 UTC