W3C home > Mailing lists > Public > public-webauthn@w3.org > February 2017

[webauthn] Credential CBOR

From: Adam Powers via GitHub <sysbot+gh@w3.org>
Date: Mon, 27 Feb 2017 19:38:04 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-210584413-1488224282-sysbot+gh@w3.org>
apowers313 has just created a new issue for 
https://github.com/w3c/webauthn:

== Credential CBOR ==
A few thoughts on simplifying the attestation credential CBOR in 
[Section 5.3.1](https://www.w3.org/TR/webauthn/#sec-attestation-data):
* Convert the CBOR map to a CBOR array / list with values at 
well-known positions in the array: 0 = alg; 1 = x; 2 = y; etc. This 
makes the final size smaller, since CBOR maps use strings for the 
indexes. Currently the difference is only two bytes ("alg" = 3 bytes; 
"x" = 1 byte; "1" = 1 byte; total 5 bytes as opposed to 3 bytes when 
using array indexes), but if new algorithms are added that have long 
strings for keys it may make a bigger difference.
* The CDDL currently specifies using "biguint" and "uint" for the 
various crypto parameters. These are essentially [semantically 
tagged](https://tools.ietf.org/html/rfc7049#section-2.4) byte strings.
 I would suggest just using byte strings instead of "biguint" and 
"uint". Although the current spec is is more semantically correct, 
adding semantic tags is just extra overhead and only creates 
difficulties when trying to encode / decode with off-the-shelf CBOR 
libraries.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/366 using your GitHub account
Received on Monday, 27 February 2017 19:38:11 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:24 UTC