[webauthn] musings wrt webauthn's profile of COSE_Key

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== musings wrt webauthn's profile of COSE_Key ==
presently, in [WD-06 section 5.3.1. Attestation data](https://www.w3.org/TR/2017/WD-webauthn-20170811/#sec-attestation-data), we say (in the last row of the table) in regards to the [credential public key](https://www.w3.org/TR/2017/WD-webauthn-20170811/#credential-public-key) (aka "user public key" see issue #540):
> The credential public key encoded in COSE_Key format, as defined in Section 7 of [RFC8152]. The encoded credential public key MUST contain the "alg" parameter and MUST NOT contain any other optional parameters. The "alg" parameter MUST contain a COSEAlgorithmIdentifier value. 

Given the stipulations in [Section 7 of [RFC8152]](https://tools.ietf.org/html/rfc8152#section-7) -- note that the "kty" param is required, and "alg" is one of the optional params, plus the MUST stipulations in [section 13.1.1](https://tools.ietf.org/html/rfc8152#section-13.1.1) for "x", "y", and "crv". This means we'd actually have instantiated COSE_Key structures, for EC public keys, like so:
    1: <kty>     ; required by S 7 RFC8152, example value '2', ie "EC2"
    3: <alg>     ; optional per RFC8152, required per webauthn, exp. value '-7', ie "ES256"
   -2: <x coord> ; required by S 13.1.1 RFC8152
   -3: <y coord> ; required by S 13.1.1 RFC8152
   -1: <crv>     ; required by S 13.1.1 RFC8152, exp. value '1', ie "P-256"


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/543 using your GitHub account

Received on Sunday, 3 September 2017 00:58:24 UTC