[webauthn] musings wrt webauthn's profile of COSE_Key

equalsJeffH has just created a new issue for https://github.com/w3c/webauthn:

== musings wrt webauthn's profile of COSE_Key ==
Presently, in [WD-06 section 5.3.1. Attestation data](https://www.w3.org/TR/2017/WD-webauthn-20170811/#sec-attestation-data), we say (in the last row of the table) with regard to the [credential public key](https://www.w3.org/TR/2017/WD-webauthn-20170811/#credential-public-key) (aka "user public key"; see issue #540):
> The credential public key encoded in COSE_Key format, as defined in Section 7 of [RFC8152]. The encoded credential public key MUST contain the "alg" parameter and MUST NOT contain any other optional parameters. The "alg" parameter MUST contain a COSEAlgorithmIdentifier value. 

Given the stipulations in [Section 7 of [RFC8152]](https://tools.ietf.org/html/rfc8152#section-7) (note that the "kty" param is required, and "alg" is one of the optional params), plus the MUST stipulations in [section 13.1.1](https://tools.ietf.org/html/rfc8152#section-13.1.1) for "x", "y", and "crv", this means we'd actually have instantiated COSE_Key structures, for EC public keys, like so:
```
 {
    1: <kty>     ; required by S 7 RFC8152, example value '2', ie "EC2"
    3: <alg>     ; optional per RFC8152, required per webauthn, exp. value '-7', ie "ES256"
   -2: <x coord> ; required by S 13.1.1 RFC8152
   -3: <y coord> ; required by S 13.1.1 RFC8152
   -1: <crv>     ; required by S 13.1.1 RFC8152, exp. value '1', ie "P-256"
 }
```

Yes?


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/543 using your GitHub account

Received on Sunday, 3 September 2017 00:58:24 UTC
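
A structural check for the EC2 COSE_Key layout sketched in the issue above, as an added example that is not part of the original issue or of the WebAuthn or RFC 8152 text. The function names, the minimal CBOR decoder and the all-zero sample coordinates are constructed for illustration; coordinates are assumed to be byte strings, and no curve-point validation is done.

```python
# Added example: decode a CBOR-encoded COSE_Key and check it against the
# five-label EC2 layout from the issue (kty, alg, crv, x, y and nothing else).
REQUIRED = {1: "kty", 3: "alg", -1: "crv", -2: "x", -3: "y"}

def _item(buf, pos):
    """Decode the CBOR subset a COSE_Key needs; returns (value, next_pos)."""
    major, arg = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if arg > 27:
        raise ValueError("indefinite or reserved length")
    if arg >= 24:  # argument follows in 1, 2, 4 or 8 bytes
        size = 1 << (arg - 24)
        arg, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if major in (0, 1):  # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):  # byte string / text string
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode()), pos + arg
    if major == 5:  # map; duplicate labels are rejected
        out = {}
        for _ in range(arg):
            k, pos = _item(buf, pos)
            v, pos = _item(buf, pos)
            if k in out:
                raise ValueError("duplicate map label")
            out[k] = v
        return out, pos
    raise ValueError(f"unsupported major type {major}")

def check_ec2_credential_key(encoded):
    """Return a list of profile violations; an empty list means it conforms."""
    try:
        key, end = _item(encoded, 0)
    except (ValueError, IndexError, TypeError, RecursionError) as exc:
        return [f"malformed CBOR: {exc}"]
    if not isinstance(key, dict) or end != len(encoded):  # end > len: truncated
        return ["trailing or truncated data, or not a map"]
    errs = [f"missing {name}" for label, name in REQUIRED.items() if label not in key]
    errs += [f"unexpected parameter {label!r}" for label in key if label not in REQUIRED]
    if key.get(1, 2) != 2:
        errs.append("kty is not 2 (EC2)")
    if not all(isinstance(key.get(label, 0), int) for label in (3, -1)):
        errs.append("alg and crv must be integers")
    if not all(isinstance(key.get(label, b""), bytes) for label in (-2, -3)):
        errs.append("x and y must be byte strings")
    return errs

# Constructed sample: kty=2, alg=-7, crv=1, x and y as 32 zero bytes (placeholders).
SAMPLE = bytes.fromhex("a5010203262001215820") + bytes(32) + bytes.fromhex("225820") + bytes(32)
```

An empty list from `check_ec2_credential_key(SAMPLE)` means the encoding has exactly the five labels; a key carrying any other label (for example label 2) is reported as an unexpected parameter.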