[webauthn] Decoding attestationObject (#1614)

cyberphone has just created a new issue for https://github.com/w3c/webauthn:

== Decoding attestationObject ==
https://www.w3.org/TR/webauthn/#attestation-object

The mixing of fixed, variable length, and CBOR data in this object creates some issues. Maybe I missed something, but doesn't the optional EXTENSIONS field require a non-standard CBOR parsing process for finding out the length of the preceding public key object?

My current code assumes (including testing the ED flag) that there are no EXTENSIONS but that feels like a potential problem.

Now it is of course [much] too late but if there ever will be a major revision I suggest that all data is expressed as CBOR and presented as Uint8Arrays in JavaScript.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1614 using your GitHub account


Received on Friday, 21 May 2021 04:40:32 UTC
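
The parsing problem raised in the issue, as an added example that is not part of the original message or of the WebAuthn specification: the length of the credential public key is recovered by walking the CBOR item itself, so the extensions map that follows it can be located and trailing bytes rejected. The names cborSkip, parseAuthData and SAMPLE, the nesting bound of 8 and the sample bytes are assumptions of this example; the field sizes follow the authenticator data layout in the linked specification section.

```javascript
// Added example; names are this example's own, sizes follow the WebAuthn authData layout.
const need = (buf, end) => { if (end > buf.length) throw new RangeError("truncated input"); };

// Offset just past the CBOR item at pos. Definite lengths only, nesting bounded (assumed limit 8).
function cborSkip(buf, pos, depth = 0) {
  need(buf, pos + 1);
  const major = buf[pos] >> 5, info = buf[pos] & 0x1f;
  if (info > 27 || depth > 8) throw new Error("unsupported CBOR encoding");
  let arg = info;
  pos += 1;
  if (info >= 24) {
    const n = 1 << (info - 24);                 // 1, 2, 4 or 8 argument bytes
    need(buf, pos + n);
    arg = 0;
    for (let i = 0; i < n; i++) arg = arg * 256 + buf[pos + i];
    pos += n;
  }
  if (major === 2 || major === 3) { need(buf, pos + arg); return pos + arg; }
  if (major === 6) return cborSkip(buf, pos, depth + 1);   // tag wraps one item
  if (major === 4 || major === 5) {             // array: arg items; map: 2 * arg items
    for (let i = major === 4 ? arg : arg * 2; i > 0; i--) pos = cborSkip(buf, pos, depth + 1);
  }
  return pos;                                    // integers, floats, simple values
}

function parseAuthData(authData) {
  need(authData, 37);                            // rpIdHash(32) flags(1) signCount(4)
  const view = new DataView(authData.buffer, authData.byteOffset, authData.byteLength);
  const out = { flags: authData[32], signCount: view.getUint32(33), credentialId: null, publicKey: null, extensions: null };
  let pos = 37;
  if (out.flags & 0x40) {                        // AT flag: attestedCredentialData present
    need(authData, pos + 18);                    // aaguid(16) credentialIdLength(2)
    const idEnd = pos + 18 + view.getUint16(pos + 16);
    need(authData, idEnd);
    out.credentialId = authData.subarray(pos + 18, idEnd);
    pos = cborSkip(authData, idEnd);             // key length comes from the CBOR itself
    out.publicKey = authData.subarray(idEnd, pos);
  }
  if (out.flags & 0x80) {                        // ED flag: extensions map follows
    const start = pos;
    pos = cborSkip(authData, start);
    out.extensions = authData.subarray(start, pos);
  }
  if (pos !== authData.length) throw new Error("unexpected trailing bytes");
  return out;
}

// Constructed sample: zero hash and aaguid, flags UP|AT|ED, id aa bb, key {1:2,3:-7}, ext {"a":true}
const SAMPLE = Uint8Array.from([...new Array(32).fill(0), 0xc1, 0, 0, 0, 5, ...new Array(16).fill(0), 0, 2, 0xaa, 0xbb, 0xa2, 1, 2, 3, 0x26, 0xa1, 0x61, 0x61, 0xf5]);
```

A parser that assumes no extensions and takes "everything after the credential ID" as the key would hand the extension bytes to the COSE decoder; here a buffer whose ED flag is clear but which still carries extra bytes is rejected instead.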