Authentication Method 2 uses a verification token to proof possession of a shared secret. The verification token is derived using HKDF resulting in binary data (or a hexadecimal representation thereof) to be sent with an A2 message.
However, the VerificationData field of an A message uses UTF-8 character encoding. The specification is not clear on how binary Authentication Method 2 verification data should be encoded in such a field. Furthermore, putting a hexadecimal representation in a UTF-8 character encoded field makes the message too long.
Therefore, either the field should use the hexadecimal x encoding (requiring text URLs in A1 messages to be encoded into binary), or keep the character c encoding (requiring the verification data in A2 to be binary-to-text encoded).
Authentication Method 2 uses a verification token to proof possession of a shared secret. The verification token is derived using HKDF resulting in binary data (or a hexadecimal representation thereof) to be sent with an
A2message.However, the
VerificationDatafield of anAmessage uses UTF-8 character encoding. The specification is not clear on how binary Authentication Method 2 verification data should be encoded in such a field. Furthermore, putting a hexadecimal representation in a UTF-8 character encoded field makes the message too long.Therefore, either the field should use the hexadecimal
xencoding (requiring text URLs inA1messages to be encoded into binary), or keep the charactercencoding (requiring the verification data inA2to be binary-to-text encoded).