Re: [webauthn] Signature format needs to be defined

@akshayku - saying "RFC 8017 signatures" is ambiguous.  For instance, look at https://tools.ietf.org/html/rfc8017#appendix-A.2.4 (RSASSA-PKCS-v1_5).  It contains definitions for both DigestInfo, which includes an ASN.1 OID for the digest algorithm, and for "digest", which doesn't.  Here's a snippet:

       DigestInfo ::= SEQUENCE {
           digestAlgorithm DigestAlgorithm,
           digest OCTET STRING
       }

It's my position that what we're calling "signature" should be the digest only and not require implementations to prefix the raw signature with ASN.1 information.  If some implementations are doing that, that seems unnecessarily complicated.


-- 
GitHub Notification of comment by selfissued
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/799#issuecomment-366057329 using your GitHub account

Received on Thursday, 15 February 2018 20:50:50 UTC