Re: [webauthn] Refine JSON serialization to use UTF-8 encoding for `user.id` and `userHandle` (#2013)

I agree with @emlun. The spec treats the user handle as a binary string (rather than an encoded text string) in various ways, and I think it would be a liability to change that.

Further, supporting UTF-8 implies that it is reasonable to encode something more structured or even user-provided instead of random. This *could* be sufficiently secure, but the use of an opaque binary string encourages a secure implementation by default.

-- 
GitHub Notification of comment by lgarron
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2013#issuecomment-1892892599 using your GitHub account



Received on Tuesday, 16 January 2024 00:04:34 UTC