- From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
- Date: Fri, 24 Feb 2017 22:55:41 +0000
- To: public-webauthn@w3.org
jyasskin has just created a new issue for
https://github.com/w3c/webauthn:
== Specify the set of hash algorithms UAs can select between. ==
Simply requiring a ["recognized algorithm
name"](https://www.w3.org/TR/WebCryptoAPI/#recognized-algorithm-name)
isn't enough because arbitrary other specifications can [define an
algorithm](https://www.w3.org/TR/WebCryptoAPI/#concept-define-an-algorithm),
while relying parties need to know which hash algorithms they need to
be able to use to verify signatures.
@equalsJeffH suggested limiting to {SHA-256, SHA-384, SHA-512} in
https://github.com/w3c/webauthn/pull/347#discussion_r103040671.
There's been mention of
[SM3](http://www.oscca.gov.cn/UpFile/20101222141857786.pdf) in the
spec, but it's not currently defined in
[WebCrypto](https://www.w3.org/TR/WebCryptoAPI/). It could be defined
somewhere appropriate and re-added to the set of allowed algorithms in
this spec later, if folks want to do so.
Please view or discuss this issue at
https://github.com/w3c/webauthn/issues/362 using your GitHub account
Received on Friday, 24 February 2017 22:55:49 UTC