Re: [webauthn] Specify the set of hash algorithms UAs can select between. from Jeffrey Yasskin via GitHub on 2017-05-21 (public-webauthn@w3.org from May 2017)

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Sun, 21 May 2017 04:39:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-302914784-1495341596-sysbot+gh@w3.org>

The algorithm agility story should probably be bigger than just the hash function. I've seen advice that we should strive to handle agility by upgrading to a whole new suite of cryptographic primitives, rather than making the parties negotiate each algorithm. Maybe the [`PublicKeyCredentialType`](https://w3c.github.io/webauthn/#enumdef-publickeycredentialtype) enumeration is the right place to declare which versions an RP supports, and then each version will specify a single cryptographic algorithm for the authenticator to use in each place?

-- 
GitHub Notification of comment by jyasskin
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/362#issuecomment-302914784 using your GitHub account

Received on Sunday, 21 May 2017 04:40:06 UTC