Re: [webauthn] Lack of support for modern ECC (#1124)

That's not true.  The signature field can be any amount of formats, for backwards compatibility reasons. For `ES256`, `RS256` and `PS256` it does *not* correspond to the signature format of COSE.

Result is the `signature` field in assertions is only defined for `ES256` `RS256` and `PS256` if I read precisely but is undefined for any other COSEAlgorithmIdentifiers 

The **NOTE** does mention that it is "recommended" that any new signature formats will directly correspond to the COSE signature field, but the NOTE is not normative

Hence; the `signature` field seems underspecified to me currently and it's not clear to me as an implementor of a Relying Party how it should be interpreted from the standard alone.

GitHub Notification of comment by arianvp
Please view or discuss this issue at using your GitHub account

Received on Monday, 15 June 2020 09:14:53 UTC