[webauthn] Specify the set of hash algorithms UAs can select between.

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Feb 2017 22:55:41 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-210180114-1487976940-sysbot+gh@w3.org>

jyasskin has just created a new issue for https://github.com/w3c/webauthn:

== Specify the set of hash algorithms UAs can select between. ==
Simply requiring a ["recognized algorithm name"](https://www.w3.org/TR/WebCryptoAPI/#recognized-algorithm-name)
isn't enough because arbitrary other specifications can
[define an algorithm](https://www.w3.org/TR/WebCryptoAPI/#concept-define-an-algorithm),
while relying parties need to know which hash algorithms they need to
be able to use to verify signatures.

@equalsJeffH suggested limiting to {SHA-256, SHA-384, SHA-512} in
https://github.com/w3c/webauthn/pull/347#discussion_r103040671.
There's been mention of
[SM3](http://www.oscca.gov.cn/UpFile/20101222141857786.pdf) in the
spec, but it's not currently defined in
[WebCrypto](https://www.w3.org/TR/WebCryptoAPI/). It could be defined
somewhere appropriate and re-added to the set of allowed algorithms in
this spec later, if folks want to do so.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/362 using your GitHub account
Received on Friday, 24 February 2017 22:55:49 UTC
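
An added example, not part of the original message or of the WebAuthn specification: a relying-party check restricted to the {SHA-256, SHA-384, SHA-512} set suggested in the issue above. The function names, and the assumption that the user agent's chosen algorithm name reaches the relying party as a string alongside the serialized client data, are hypothetical.

```python
import hashlib

# Closed set suggested in the issue, keyed by WebCrypto algorithm name.
# A relying party can only verify what it has an implementation for, so
# the set is fixed here rather than taken from an open-ended registry.
ALLOWED_HASHES = {
    "SHA-256": hashlib.sha256,
    "SHA-384": hashlib.sha384,
    "SHA-512": hashlib.sha512,
}


class UnsupportedHashAlgorithm(ValueError):
    """Raised when the reported name is outside the allowed set."""


def resolve_hash(name):
    """Map a client-reported algorithm name to a hash constructor.

    WebCrypto matches names ASCII case-insensitively, so "sha-256" is
    accepted. Non-ASCII input is rejected before upper-casing because
    Unicode case mapping would turn U+017F (long s) into "S" and let a
    look-alike name through.
    """
    if not isinstance(name, str) or not name.isascii():
        raise UnsupportedHashAlgorithm(repr(name))
    canonical = name.upper()
    try:
        return canonical, ALLOWED_HASHES[canonical]
    except KeyError:
        # Covers SHA-1 (recognized by WebCrypto, not in the set), SM3
        # (not defined in WebCrypto) and spellings such as "SHA256".
        raise UnsupportedHashAlgorithm(name) from None


def hash_client_data(client_data_json, hash_alg_name):
    """Return the digest of the client data bytes, or raise if the
    algorithm is not one the relying party agreed to support."""
    _, constructor = resolve_hash(hash_alg_name)
    return constructor(client_data_json).digest()


if __name__ == "__main__":
    sample = b'{"challenge":"constructed-sample"}'  # constructed input
    for candidate in ("sha-256", "SHA-512", "SHA-1", "SM3", "\u017fha-256"):
        try:
            print(candidate, hash_client_data(sample, candidate).hex()[:16])
        except UnsupportedHashAlgorithm as exc:
            print(candidate, "rejected:", exc)
```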