Re: [webauthn] Provide the public key in `AuthenticatorAttestationResponse` (#1363) from Emil Lundberg via GitHub on 2020-01-24 (public-webauthn@w3.org from January 2020)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Jan 2020 12:30:57 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-578112190-1579869056-sysbot+gh@w3.org>

@equalsJeffH Yeah, my expectation is that RPs would just export the `CryptoKey` rather than use it for crypto operations in JS. My thinking was that returning `CryptoKey` would provide different format options "for free" instead of picking just one to support. @craigfrancis seems to prefer PEM, for example, while i guess JWK is the most appropriate "web-native" format if we were to pick just one.

> [ Also, I suspect we would need to look closely at the various involved specs to ascertain whether the various crypto algs (and parameters thereof) WebAuthn uses ([IANA-COSE-ALGS-REG](https://www.w3.org/TR/webauthn-2/#biblio-iana-cose-algs-reg)) and [JWK's](https://www.rfc-editor.org/rfc/rfc7518.html) and those that [WebCrypto](https://www.w3.org/TR/WebCryptoAPI/) supports are congruent. not a big task but necessary due diligence IIUC. ]

Good point!

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1363#issuecomment-578112190 using your GitHub account

Received on Friday, 24 January 2020 12:30:59 UTC