- From: Arian van Putten via GitHub <sysbot+gh@w3.org>
- Date: Mon, 15 Jun 2020 09:14:51 +0000
- To: public-webauthn@w3.org
That's not true. The signature field can be any amount of formats, for backwards compatibility reasons. For `ES256`, `RS256` and `PS256` it does *not* correspond to the signature format of COSE. https://www.w3.org/TR/webauthn/#signature-attestation-types Result is the `signature` field in assertions is only defined for `ES256` `RS256` and `PS256` if I read precisely but is undefined for any other COSEAlgorithmIdentifiers The **NOTE** does mention that it is "recommended" that any new signature formats will directly correspond to the COSE signature field, but the NOTE is not normative Hence; the `signature` field seems underspecified to me currently and it's not clear to me as an implementor of a Relying Party how it should be interpreted from the standard alone. -- GitHub Notification of comment by arianvp Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1124#issuecomment-644008314 using your GitHub account
Received on Monday, 15 June 2020 09:14:53 UTC