[webauthn] Clarify byte size requirements for UVI

gmandyam has just created a new issue for https://github.com/w3c/webauthn:

== Clarify byte size requirements for UVI ==
Current text says "The UVI is encoded as CBOR byte string (type 0x58)." Then it goes on to say "Servers supporting UVI extensions MUST support a length of up to 32 bytes for the UVI value."

What does this mean in terms of UVI byte size? For instance,
(1) Are authenticators allowed to produce UVIs of more than 32 bytes, but the RPs can ignore the extra bytes?
(2) Should authenticators always produce UVIs of no more than 32 bytes?
(3) Can authenticators produce UVIs of less than 32 bytes and pad to 32?

Relevant to PR https://github.com/w3c/webauthn/pull/821.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/823 using your GitHub account

Received on Monday, 26 February 2018 18:47:34 UTC
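
The encoding quoted in the issue can be checked mechanically. The following is an added example, not code from the WebAuthn specification or the issue author: it decodes a definite-length CBOR byte string and reports its length against the 32-byte figure. In CBOR, 0x58 is the byte-string head followed by a one-byte length (0 to 255), so the head alone does not cap the value at 32 bytes. The function names and sample values are constructed for illustration, and the code only reports; it does not decide how a server should treat longer values.

```python
UVI_LIMIT = 32  # byte length quoted in the issue text above


def decode_bstr(data: bytes):
    """Decode one definite-length CBOR byte string (major type 2).

    Returns (payload, bytes_consumed).
    """
    if not data:
        raise ValueError("empty input")
    major, info = data[0] >> 5, data[0] & 0x1F
    if major != 2:
        raise ValueError("not a CBOR byte string")
    if info < 24:                # length held in the initial byte (0x40..0x57)
        length, head = info, 1
    elif info <= 27:             # 0x58..0x5b: 1, 2, 4 or 8 length bytes follow
        head = 1 + (1 << (info - 24))
        if len(data) < head:
            raise ValueError("truncated length field")
        length = int.from_bytes(data[1:head], "big")
    else:                        # 28..30 reserved, 31 indefinite length
        raise ValueError("unsupported byte string head")
    if len(data) - head < length:
        raise ValueError("payload shorter than declared length")
    return data[head:head + length], head + length


def describe_uvi(data: bytes) -> dict:
    """Report how a received UVI value is encoded, without applying a policy."""
    payload, consumed = decode_bstr(data)
    return {
        "length": len(payload),
        "uses_0x58_head": data[0] == 0x58,
        "within_limit": len(payload) <= UVI_LIMIT,
        "trailing_bytes": len(data) - consumed,
    }


# Constructed sample values (all-zero payloads), not real authenticator output.
SAMPLES = {
    "32 bytes, 0x58 head": b"\x58\x20" + bytes(32),
    "33 bytes, 0x58 head": b"\x58\x21" + bytes(33),
    "16 bytes, short head": b"\x50" + bytes(16),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, describe_uvi(blob))
```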