Re: [webauthn] Crypto algorithm agility: e.g., Specify the set of hash algorithms UAs can select between. from =JeffH via GitHub on 2017-12-06 (public-webauthn@w3.org from December 2017)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Dec 2017 18:29:40 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-349731653-1512584979-sysbot+gh@w3.org>

@jyasskin wrote in https://github.com/w3c/webauthn/issues/362#issuecomment-302914784:
> The algorithm agility story should probably be bigger than just the hash function. I've seen advice that we should strive to handle agility by upgrading to a whole new suite of cryptographic primitives, rather than making the parties negotiate each algorithm. Maybe the PublicKeyCredentialType enumeration is the right place to declare which versions an RP supports, and then each version will specify a single cryptographic algorithm for the authenticator to use in each place?

sounds like a worthwhile approach to consider.

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/362#issuecomment-349731653 using your GitHub account

Received on Wednesday, 6 December 2017 18:29:42 UTC