[webauthn] fix signature alg names and RFC3447 cite in {#generating-an-attestation-statement} from =JeffH via GitHub on 2016-10-26 (public-webauthn@w3.org from October 2016)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Wed, 26 Oct 2016 21:40:30 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-185517824-1477518028-sysbot+gh@w3.org>

equalsJeffH has just created a new issue for 
https://github.com/w3c/webauthn:

== fix signature alg names and RFC3447 cite in 
{#generating-an-attestation-statement} ==
[ see also #123 ]

wrt S 5.3.3 {#generating-an-attestation-statement} and the notation 
therein of "RSA PKCS1" and "RSASSA-PSS": the former is 
incorrect/imprecise in terms of both WebCrypto [1] and RFC3447 [2]. 
The latter, "RSASSA-PSS", is used only in RFC3447.

Also, the phrase they are used within -- "Raw encoded RSA PKCS1 or 
RSASSA-PSS public key" -- is incorrect in that the former is an 
identifier for the RSA PKCS #1 spec series itself, the latter is the 
identifier for the RSASSA-PSS signature scheme, and neither are 
identifiers for ostensible subtypes of RSA keys. See Section 3 "Key 
Types" of [2].

Plus, RFC3447 is nigh to being obsoleted by 
[draft-moriarty-pkcs1](uhttps://tools.ietf.org/html/draft-moriarty-pkcs1rl)
  which is approved and in RFC-editor's queue for pub as RFC -- the 
RFC3447 cite & biblio need updating.



Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/238 using your GitHub account

Received on Wednesday, 26 October 2016 21:40:38 UTC