Re: Credentials ID - Size from Adam Langley on 2023-06-22 (public-webauthn@w3.org from June 2023)

From: Adam Langley <agl@google.com>
Date: Thu, 22 Jun 2023 15:01:09 -0700
To: BalaKishore <balakishore808@gmail.com>
Cc: public-webauthn@w3.org
Message-ID: <CAL9PXLwoUDmgQ8t372WyvQ_GRxW6XkPL+zubGWZ8wNBMV2Nv-A@mail.gmail.com>

On Thu, Jun 22, 2023 at 2:52 PM BalaKishore <balakishore808@gmail.com>
wrote:

> Hi All,
>
> I have a query regarding credential ID, while working with WebDevAuthn
> simulator on chrome, we found the credential-ID to be very large, almost
> 3000 to 4000 characters. Can we consider this as a valid value and process
> it?
>
> Will there be any future consideration to restrict the value of the size
> of credential-id.
>
> https://www.w3.org/TR/webauthn/#credential-id
>

Credential IDs are limited to 1023 bytes in the current draft:

https://w3c.github.io/webauthn/#credential-id
"A probabilistically-unique byte sequence identifying a public key
credential source and its authentication assertions. At most 1023 bytes
long."

Cheers

AGL

Received on Thursday, 22 June 2023 22:01:32 UTC