Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sensible limits for RP and User Entity fields. #667

Merged
merged 4 commits into from
Nov 3, 2017
Merged

Sensible limits for RP and User Entity fields. #667

merged 4 commits into from
Nov 3, 2017

Conversation

akshayku
Copy link
Contributor

@akshayku akshayku commented Nov 1, 2017
edited by pr-preview bot
Loading

@akshayku akshayku added this to the WD-07 milestone Nov 1, 2017
@akshayku
Copy link
Contributor Author

akshayku commented Nov 1, 2017

PR for #660

@akshayku akshayku mentioned this pull request Nov 1, 2017
Closed
@emlun
Copy link
Member

emlun commented Nov 1, 2017

Is this meant for resident credentials only?

@equalsJeffH
Copy link
Contributor

@emlun:

resident credentials

I presume you are referring to Client-side-resident Credential Private Keys ?

@emlun
Copy link
Member

emlun commented Nov 1, 2017

@equalsJeffH Yes, that's what I meant. The presumption that the values will be stored make sense only in that context, right?

Actually there's no mention at all in #op-make-cred about storing any of the userEntity members except id. Is that a problem?

equalsJeffH
equalsJeffH suggested changes Nov 1, 2017
View reviewed changes
Copy link
Contributor

@equalsJeffH equalsJeffH left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems nominally ok to me. Suggested rephrasing below, hence changes requested.

Overall, authenticator-vendor type folk ought to weigh-in on whether these stipulations are OK.

index.bs Outdated
@@ -1274,11 +1274,14 @@ associated.
<div dfn-type="dict-member" dfn-for="PublicKeyCredentialEntity">
: <dfn>name</dfn>
:: A human-friendly identifier for the entity. For example, this could be a company name for a [=[RP]=], or a
user's name. This identifier is intended for display.
user's name. This identifier is intended for display. Authenticators while creating a credential MUST support
minimum of 64 bytes for this field and optionally can truncate how much it wants to store if this field is more than 64 bytes.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggested re-write:
[=Authenticators=] MUST support a 64 byte minimum length for a [=PublicKeyCredentialEntity/name=] members's value. Authenticators MAY truncate a [=PublicKeyCredentialEntity/name=] member's value to a length equal to or greater than 64 bytes.

index.bs Outdated
a user's avatar or a [=[RP]=]'s logo. This URL MUST be an [=a priori authenticated URL=].
a user's avatar or a [=[RP]=]'s logo. This URL MUST be an [=a priori authenticated URL=]. Authenticators while
creating a credential MUST support minimum of 128 bytes for this field and optionally can drop this field if
this field is more than 128 bytes.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggested re-write:
[=Authenticators=] MUST support a 128 byte minimum length for a [=PublicKeyCredentialEntity/icon=] members's value. Authenticators MAY ignore a [=PublicKeyCredentialEntity/icon=] members's value if its length is greater than 128 byes.

index.bs Outdated
@@ -1315,7 +1318,8 @@ credential.
:: The [=user handle=] of the user account entity.

: <dfn>displayName</dfn>
:: A friendly name for the user account (e.g., "John P. Smith").
:: A friendly name for the user account (e.g., "John P. Smith"). Authenticators while creating a credential MUST support
minimum of 64 bytes for this field and optionally can truncate how much it wants to store if this field is more than 64 bytes.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggested re-write:
[=Authenticators=] MUST support a 64 byte minimum length for a [=PublicKeyCredentialEntity/displayName=] members's value. Authenticators MAY truncate a [=PublicKeyCredentialEntity/displayName=] member's value to a length equal to or greater than 64 bytes.

@jyasskin
Copy link
Member

jyasskin commented Nov 1, 2017

@emlun #623 adds the discussion of storing things.

I think a length limit makes sense for both authenticator-stored and RP-stored credential sources.

@equalsJeffH
Copy link
Contributor

review submitted, changes requested: #667 (review)

@emlun
Copy link
Member

emlun commented Nov 2, 2017

Sorry, I didn't mean to imply that a length limit is nonsensical for RP-stored credentials. My thinking was that the MUST could seem to clash with if the authenticator won't store the values at all - like U2F devices, do they "support" 64 bytes by not storing the value?

Anyway, #623 looks like it addresses most of my above thoughts.

@akshayku
Copy link
Contributor Author

akshayku commented Nov 2, 2017

@equalsJeffH : Can you review again?
@emlun: U2F is different and they don't get these fields to be stored in U2F_REGISTER. IMO, We are fine with this wording

jovasco
jovasco reviewed Nov 2, 2017
View reviewed changes
Copy link
Contributor

@jovasco jovasco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"support" is open to interpretation.

index.bs Outdated
user's name. This identifier is intended for display.
user's name. This identifier is intended for display. [=Authenticators=] MUST support a 64 byte minimum length
for a [=PublicKeyCredentialEntity/name=] members's value. Authenticators MAY truncate a
[=PublicKeyCredentialEntity/name=] member's value to a length equal to or greater than 64 bytes.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"support" is open to interpretation. Are you requiring for example that the authenticator must be able to display 64 bytes worth of characters?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Displaying is not applicable for UI less authenticators on authenticator side but needed for multiple accounts scenario where Platform shows the UI. So Authenticators MUST "Store". I think we don't need to be explain every type of authenticators now or come in future? I believe "support" is better word. What do you suggest?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you mean accept and store, then write accept and store? It is what you need while "support" covers every possible use of the string, including displaying.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alright.. I changed it to "accept and store".

@equalsJeffH
Copy link
Contributor

I approved these revised changes from my non-authnr-vendor-perspective, as they appear to be a step in the right direction.

However, I offer the following observations/caveats:

  1. @jovasco has a good point over in Define sensible limits for User and RP Entity to be stored on Authenticator as part of create credential #660 (comment) that arbitrary truncation of these byte strings may result in mal-formed unicode encodings. We may want to Note: this.
  2. nominally, DOMStrings contain UTF-16 code units, though that it not required. We should probably declare which strings we are expecting to be UTF-8 encoded to explicitly be UTF-8 encoded.
  3. These constraints the PR adds are authenticator-specific and begs the question of having a specific authenticator implementation considerations section rather than scattering such things throughout the spec (e.g., in the portion of the spec aimed at the browser developer audience.
  4. An authenticator implementation considerations section would be the appropriate place to provide a more full definition of "support" (which @jovasco is asking about above)

These items perhaps should be turned into yet more issues :)

@equalsJeffH
Copy link
Contributor

btw, I observed several bikeshed errors when compiling index.bs -- we oughta clean those up before any merging.

@akshayku
Copy link
Contributor Author

akshayku commented Nov 3, 2017

Incorporated feedback and merging.

@akshayku akshayku merged commit 0418f3e into master Nov 3, 2017
@akshayku akshayku deleted the akshayku-user-rp-entity-limits branch November 3, 2017 08:29
WebAuthnBot pushed a commit that referenced this pull request Nov 3, 2017
Built by Travis-CI: 0418f3e Sensible limits for RP and User Entity fi…
b973de4 
…elds. (#667)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jovasco jovasco jovasco left review comments

@equalsJeffH equalsJeffH equalsJeffH approved these changes

@selfissued selfissued Awaiting requested review from selfissued

Assignees

@akshayku akshayku

Labels
priority:implementation type:technical
Projects
None yet
Milestone
WD-07
Development

Successfully merging this pull request may close these issues.
5 participants
@akshayku @emlun @equalsJeffH @jyasskin @jovasco