W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2017

[webauthn] Attestation Data defines ECC key X, Y parameters two ways

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 26 Jul 2017 01:28:58 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-245579950-1501032536-sysbot+gh@w3.org>
jcjones has just created a new issue for https://github.com/w3c/webauthn:

== Attestation Data defines ECC key X, Y parameters two ways ==
Web Authentication defines the Attestation Data's Credential Public Key in the CBOR map as having parameters `x` and `y` of type `biguint` [1], and then refers to RFC7518 section 6.2.1.{2,3} [2] for the details:

> "The semantics and naming of the other fields (though not their encoding) follows the definitions in [RFC7518] section 6"

RFC7518 defines `x` and `y` as base64url-encoded strings; presumably the language "_though not their encoding_" means to ignore that and go with them as being type `biguint`, but it'd be nice to be more explicit, perhaps with an example or saying something like:

> "The semantics and naming of the other fields follow the definitions in [RFC7518] section 6, except where the CBOR-defined encoding differs, where Web Authentication's definition has supremacy."

[1] https://www.w3.org/TR/webauthn/#sec-attestation-data
[2] https://tools.ietf.org/html/rfc7518#section-6.2.1.2

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/509 using your GitHub account
Received on Wednesday, 26 July 2017 01:28:59 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:26 UTC