W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2020

Re: [webauthn] Lack of support for modern ECC (#1124)

From: Arian van Putten via GitHub <sysbot+gh@w3.org>
Date: Mon, 15 Jun 2020 09:14:51 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-644008314-1592212490-sysbot+gh@w3.org>
That's not true.  The signature field can be any amount of formats, for backwards compatibility reasons. For `ES256`, `RS256` and `PS256` it does *not* correspond to the signature format of COSE. https://www.w3.org/TR/webauthn/#signature-attestation-types

Result is the `signature` field in assertions is only defined for `ES256` `RS256` and `PS256` if I read precisely but is undefined for any other COSEAlgorithmIdentifiers 

The **NOTE** does mention that it is "recommended" that any new signature formats will directly correspond to the COSE signature field, but the NOTE is not normative

Hence; the `signature` field seems underspecified to me currently and it's not clear to me as an implementor of a Relying Party how it should be interpreted from the standard alone.

GitHub Notification of comment by arianvp
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1124#issuecomment-644008314 using your GitHub account
Received on Monday, 15 June 2020 09:14:53 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC