Re: Comments to WD-01 from Yaron Sheffer on 2016-09-17 (public-webauthn@w3.org from September 2016)

From: Yaron Sheffer <yaron_sheffer@intuit.com>
Date: Sat, 17 Sep 2016 10:00:18 +0200
To: "Hodges, Jeff" <jeff.hodges@paypal.com>, Vijay Bharadwaj <vijaybh@microsoft.com>, "public-webauthn@w3.org" <public-webauthn@w3.org>
Message-ID: <ebf99d1b-bd82-2d00-7e44-ceadce843dec@intuit.com>

>>> * 4.1.1 step #4: do we define any mandatory-to-implement algorithms
>>> or credential types? It's hard to get interoperability if we
>>> don't.
>> I believe the goal was to wait for initial implementations, and then
>> assess the state of algorithm support. Only one credential type is
>> supported for now, so that one is okay.
> Note that we could denote Credential.type as referring to the union of
> signature format, crypto (eg hash) algs, etc. And then we have agility by
> defining new Credential.types that represent different combinations of
> those things.
>
Looks good to me. Could you make this point explicitly in the spec?

Thanks,
     Yaron

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Saturday, 17 September 2016 08:01:07 UTC