W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2017

Re: [webauthn] Specify the set of hash algorithms UAs can select between.

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Sun, 21 May 2017 04:39:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-302914784-1495341596-sysbot+gh@w3.org>
The algorithm agility story should probably be bigger than just the hash function. I've seen advice that we should strive to handle agility by upgrading to a whole new suite of cryptographic primitives, rather than making the parties negotiate each algorithm. Maybe the [`PublicKeyCredentialType`](https://w3c.github.io/webauthn/#enumdef-publickeycredentialtype) enumeration is the right place to declare which versions an RP supports, and then each version will specify a single cryptographic algorithm for the authenticator to use in each place?

-- 
GitHub Notification of comment by jyasskin
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/362#issuecomment-302914784 using your GitHub account
Received on Sunday, 21 May 2017 04:40:06 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:26 UTC