Re: [webauthn] Crypto algorithm agility: e.g., Specify the set of hash algorithms UAs can select between.

@jyasskin wrote in
> The algorithm agility story should probably be bigger than just the hash function. I've seen advice that we should strive to handle agility by upgrading to a whole new suite of cryptographic primitives, rather than making the parties negotiate each algorithm. Maybe the PublicKeyCredentialType enumeration is the right place to declare which versions an RP supports, and then each version will specify a single cryptographic algorithm for the authenticator to use in each place?

sounds like a worthwhile approach to consider.

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 6 December 2017 18:29:42 UTC