Re: [webauthn] Provide the public key in `AuthenticatorAttestationResponse` (#1363)

@equalsJeffH Yeah, my expectation is that RPs would just export the `CryptoKey` rather than use it for crypto operations in JS. My thinking was that returning `CryptoKey` would provide different format options "for free" instead of picking just one to support. @craigfrancis seems to prefer PEM, for example, while i guess JWK is the most appropriate "web-native" format if we were to pick just one.

> [ Also, I suspect we would need to look closely at the various involved specs to ascertain whether the various crypto algs (and parameters thereof) WebAuthn uses ([IANA-COSE-ALGS-REG]( and [JWK's]( and those that [WebCrypto]( supports are congruent. not a big task but necessary due diligence IIUC. ]

Good point!

GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Friday, 24 January 2020 12:30:59 UTC