Ambiguous specification of the Verification Data field in Authentication Messages

[ts5746]

Authentication Method 2 uses a verification token to proof possession of a shared secret. The verification token is derived using HKDF resulting in binary data (or a hexadecimal representation thereof) to be sent with an A2 message.

However, the VerificationData field of an A message uses UTF-8 character encoding. The specification is not clear on how binary Authentication Method 2 verification data should be encoded in such a field. Furthermore, putting a hexadecimal representation in a UTF-8 character encoded field makes the message too long.

Therefore, either the field should use the hexadecimal x encoding (requiring text URLs in A1 messages to be encoded into binary), or keep the character c encoding (requiring the verification data in A2 to be binary-to-text encoded).