That's not true. The signature field can be any amount of formats, for backwards compatibility reasons. For `ES256`, `RS256` and `PS256` it does *not* correspond to the signature format of COSE. https://www.w3.org/TR/webauthn/#signature-attestation-types Result is the `signature` field in assertions is only defined for `ES256` `RS256` and `PS256` if I read precisely but is undefined for any other COSEAlgorithmIdentifiers The **NOTE** does mention that it is "recommended" that any new signature formats will directly correspond to the COSE signature field, but the NOTE is not normative Hence; the `signature` field seems underspecified to me currently and it's not clear to me as an implementor of a Relying Party how it should be interpreted from the standard alone. -- GitHub Notification of comment by arianvp Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1124#issuecomment-644008314 using your GitHub accountReceived on Monday, 15 June 2020 09:14:53 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC