- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Fri, 16 Feb 2018 23:41:44 +0000
- To: public-webauthn@w3.org
overall disclaimer: I do not have a personal dog in this race. that said, there are trade-offs here worth noting... > its will be much better if we follow the existing standard RFCs [RFC8152](https://tools.ietf.org/html/rfc8152) and [RFC8230](https://tools.ietf.org/html/rfc8230) **_are_** "existing standard RFCs". It seems that the issue you folks are having is that your existing toolset (libs etc) does not (as yet) directly support emitting signature values per the latter RFCs. Yet, there are [some](https://github.com/w3c/webauthn/issues/799#issuecomment-366332319) [advantages](https://github.com/w3c/webauthn/issues/799#issuecomment-366353982) to the COSE-specified sig values. Meanwhile, it is debatable whether ASN.1 wrapping offers any _intrinsic_ benefits. So, just to note, this is yet another instance of ossification: pragmatic adherence to the status quo in the short term, but perhaps not advantageous in the long term. -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/799#issuecomment-366390129 using your GitHub account
Received on Friday, 16 February 2018 23:42:06 UTC