Fix #404 - Add a Security Consideration for Cryptographic Challenges #681

Merged
merged 2 commits into from
Nov 13, 2017


jcjones
Contributor

@jcjones jcjones commented Nov 9, 2017

@jcjones jcjones added security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. type:editorial labels Nov 9, 2017
@jcjones jcjones added this to the CR milestone Nov 9, 2017
index.bs Outdated

## Cryptographic Challenges ## {#cryptographic-challenges}
As a cryptographic protocol, Web Authentication is dependent upon randomized challenges
to avoid replay attacks. Therefore, the [=challenge=] fields MUST be randomly generated
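
Review bot: the requirement on the last visible line, "the [=challenge=] fields MUST be randomly generated", does not say in these lines who generates the challenge or how much entropy it needs. Random generation alone also does not prevent replay unless the party that issued the challenge checks that the value returned in the response matches the one it issued. Suggest naming the Relying Party as the generator, stating a minimum challenge length, and pointing to the verification step where the returned challenge is compared against the issued one.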
Contributor

@kpaulh kpaulh Nov 9, 2017

nit: would making 'fields' singular be more consistent with the new wording?

Contributor

@rlin1 rlin1 left a comment

Considerations are non-normative. But the term "MUST" seems to imply normative meaning.
Shouldn't we just say "must" when used in non-normative context?

@jcjones
Contributor Author

jcjones commented Nov 13, 2017

This is not contentious, and I think it needs to be in WD-07. Merging it.

@jcjones jcjones merged commit 45541f9 into w3c:master Nov 13, 2017
@jcjones jcjones deleted the 404-challanges branch November 13, 2017 17:25
WebAuthnBot pushed a commit that referenced this pull request Nov 13, 2017
@equalsJeffH
Contributor

this improved issue #322
