W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2022

Re: [webauthn] New PublicKeyCredential methods for JSON (de)serialization (#1703)

From: David Waite via GitHub <sysbot+gh@w3.org>
Date: Sun, 19 Jun 2022 07:08:34 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1159635495-1655622512-sysbot+gh@w3.org>
> @dwaite I'm aware of that. I was indeed referring to a raw JSON String, not the parsed object. I think it would be rather trivial to utf-8 encode it on the server side (instead of base64 decoding it) to get the correct byte array for signature verification.

Unicode normalization forms would be the issue here, not utf-8 encoding (I would expect the JSON to already be UTF-8 encoded).

The only way this works AFAIK would be if the client and the server (either through normalization step or intermediary transport guarantees) represented that string in Unicode normalization form C, for the purposes of re-creating the byte stream accurately from the unicode text.

I personally don't think such a requirement is worth saving a few bytes on the wire.

-- 
GitHub Notification of comment by dwaite
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1703#issuecomment-1159635495 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Sunday, 19 June 2022 07:08:35 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:46 UTC