- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Sat, 30 Nov 2024 16:44:24 +0000
- To: public-webauthn@w3.org
Another issue with using valid domain as mentioned in #2059 is that it's possibly _too_ strict. The following "domains" are _not_ "valid domains"; yet I wouldn't be surprised if RPs would like them to be treated as valid: * `a.-b.com`: every label must not begin with `-` * `a.b-.com`: every label must not end with `-` * `ab--c.com`: every label must not have `-` as the third and fourth characters * `a.com.`: trailing root `.` is not allowed * `a_b.com`: `_` is not allowed in any label There are real-world "domains" that are not valid domains thus can never use WebAuthn as mentioned in the [`idna` crate](https://docs.rs/idna/latest/idna/fn.domain_to_ascii_strict.html): > * YouTube CDN nodes > * Some GitHub user pages > * Pseudo-hosts used by various TXT record-based protocols. -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2206#issuecomment-2509034305 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 30 November 2024 16:44:25 UTC