[webauthn] Define an attestation format with RFC8152-style signing? (#1164)

holycleugh has just created a new issue for https://github.com/w3c/webauthn:

== Define an attestation format with RFC8152-style signing? ==
Section 6.4.5 says:
>Note: As CTAP1/U2F authenticators are already producing signatures values in this format, CTAP2 authenticators will also produce signatures values in the same format, for consistency reasons. It is recommended that any new attestation formats defined not use ASN.1 encodings, but instead represent signatures as equivalent fixed-length byte arrays without internal structure, using the same representations as used by COSE signatures as defined in [RFC8152] and [RFC8230].

Does it make sense to define a new attestation format in the spec itself, similar to `packed` except using RFC8152-style COSE signing instead of ASN.1? This makes it easier for authenticators because they already have some COSE support since the public key is in COSE format.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1164 using your GitHub account

Received on Thursday, 28 February 2019 03:58:44 UTC
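
The two ECDSA signature encodings contrasted in the quoted note, as an added example that is not part of the issue or the WebAuthn spec: a strict converter between the ASN.1 DER form (`SEQUENCE { INTEGER r, INTEGER s }`) and the fixed-length `r || s` byte array used by COSE. The function names and the sample signature are constructed for illustration; `size=32` assumes a P-256 key.

```python
"""Added example: ECDSA signature as ASN.1 DER vs. fixed-length r || s."""

def _enc_len(n):
    return bytes([n]) if n < 0x80 else bytes([0x81, n])

def _read_len(buf, i):
    # DER length: short form, or long form with exactly one length byte
    if i >= len(buf):
        raise ValueError("truncated length")
    if buf[i] < 0x80:
        return buf[i], i + 1
    if buf[i] != 0x81 or i + 1 >= len(buf) or buf[i + 1] < 0x80:
        raise ValueError("unsupported or non-minimal length")
    return buf[i + 1], i + 2

def _read_int(buf, i):
    # One non-negative, minimally encoded DER INTEGER starting at buf[i]
    if i >= len(buf) or buf[i] != 0x02:
        raise ValueError("expected INTEGER")
    n, i = _read_len(buf, i + 1)
    body = buf[i:i + n]
    if n == 0 or len(body) != n:
        raise ValueError("truncated INTEGER")
    if body[0] & 0x80 or (n > 1 and body[0] == 0 and not body[1] & 0x80):
        raise ValueError("negative or non-minimal INTEGER")
    return int.from_bytes(body, "big"), i + n

def der_to_raw(der, size=32):
    """SEQUENCE { INTEGER r, INTEGER s } -> r || s, each `size` bytes."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    n, i = _read_len(der, 1)
    if i + n != len(der):
        raise ValueError("length mismatch or trailing bytes")
    r, i = _read_int(der, i)
    s, i = _read_int(der, i)
    if i != len(der) or max(r, s) >> (8 * size):
        raise ValueError("extra data or value too large")
    return r.to_bytes(size, "big") + s.to_bytes(size, "big")

def raw_to_der(raw, size=32):
    """r || s -> DER; output length varies with the leading bits of r and s."""
    if len(raw) != 2 * size:
        raise ValueError("raw signature must be 2 * size bytes")
    out = b""
    for part in (raw[:size], raw[size:]):
        v = int.from_bytes(part, "big")
        body = v.to_bytes(v.bit_length() // 8 + 1, "big")  # keeps sign bit clear
        out += bytes([0x02]) + _enc_len(len(body)) + body
    return bytes([0x30]) + _enc_len(len(out)) + out

# Constructed sample (not a real signature): r has its top bit set, s = 1.
SAMPLE_RAW = bytes([0x80]) + bytes(31) + bytes(31) + bytes([0x01])
```

The same 64-byte raw value maps to DER encodings of different lengths depending on leading bits, which is the internal structure the note recommends new formats avoid.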