[webauthn] Section 8.6 step 6 clarification (Correct Hash algorithm) (#1279)

tomciopp has just created a new issue for https://github.com/w3c/webauthn:

== Section 8.6 step 6 clarification (Correct Hash algorithm) ==
I'm implementing a relying party and I have a question about the FIDO U2F verification procedure. It looks like the hash function is hard-coded to sha256 in most other implementations and I believe that is correct, but wanted to make sure.

The associated link listed along with the step does not provide any clear indication of what should be done, as it just links to a 144-page document that reviews standards for ECC, and not a subsection of that document that will be of use to the implementer in this case.

Other implementers have grabbed the hash algorithm from the auth_data => attested_credential_data => credential_public_key map and then done a lookup based on COSE. This seems to me like an unnecessary step, but I am not 100% sure.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1279 using your GitHub account

Received on Friday, 16 August 2019 09:02:41 UTC
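
The hard-coded variant the issue describes, as an added Go example that is not part of the original message or of any WebAuthn library: it builds the FIDO U2F verification data and checks the attestation signature with SHA-256 fixed, never reading the algorithm from the credential's COSE key. The function names, the freshly generated P-256 keys standing in for an attestation certificate key and a credential key, and the sample RP ID and client data are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// verificationData builds 0x00 || rpIdHash || clientDataHash || credentialId || 0x04 || x || y.
func verificationData(rpIDHash, clientDataHash, credID, x, y []byte) ([]byte, error) {
	if len(rpIDHash) != 32 || len(clientDataHash) != 32 || len(x) != 32 || len(y) != 32 {
		return nil, errors.New("hashes and coordinates must be 32 bytes each")
	}
	d := append([]byte{0x00}, rpIDHash...)
	d = append(d, clientDataHash...)
	d = append(d, credID...)
	d = append(d, 0x04) // start of publicKeyU2F (uncompressed point)
	return append(append(d, x...), y...), nil
}

// verifyU2F checks a DER ECDSA signature with SHA-256 fixed (assumption: COSE alg is not consulted).
func verifyU2F(attKey *ecdsa.PublicKey, data, sig []byte) bool {
	if attKey.Curve != elliptic.P256() {
		return false // attestation key must be EC over P-256
	}
	digest := sha256.Sum256(data)
	return ecdsa.VerifyASN1(attKey, digest[:], sig)
}

// demo signs constructed sample values and returns (valid, tamperedAccepted).
func demo() (bool, bool) {
	att, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // stand-in attestation key
	cred, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stand-in credential key
	x := cred.X.FillBytes(make([]byte, 32))
	y := cred.Y.FillBytes(make([]byte, 32))
	rp := sha256.Sum256([]byte("example.org"))
	cd := sha256.Sum256([]byte(`{"type":"webauthn.create"}`))
	data, _ := verificationData(rp[:], cd[:], []byte("constructed-credential-id"), x, y)
	digest := sha256.Sum256(data)
	sig, _ := ecdsa.SignASN1(rand.Reader, att, digest[:])
	valid := verifyU2F(&att.PublicKey, data, sig)
	data[33] ^= 0x01 // flip one bit of clientDataHash
	return valid, verifyU2F(&att.PublicKey, data, sig)
}

func main() { fmt.Println(demo()) }
```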