equalsJeffH has just created a new issue for https://github.com/w3c/webauthn: == "signature formats" section is underspecified == @arianvp noted in closed issue #1124 ([here](https://github.com/w3c/webauthn/issues/1124#issuecomment-644008314) and [here](https://github.com/w3c/webauthn/issues/1124#issuecomment-644011501)) that (edited somewhat): [6.5.5. Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures ](https://w3c.github.io/webauthn/#sctn-signature-attestation-types) does not specify what the _format_ is for `signature` when it is not one of `ES256, RS256, PS256`. The **NOTE** does mention that it is "recommended" that any new signature formats will directly correspond to the COSE signature field, but the NOTE is not normative. Hence; the `signature` field seems underspecified to me currently and it's not clear to me as an implementor of a Relying Party how it should be interpreted from the standard alone. [I've looked at] how other `webauthn` Relying Parties implement this; and indeed they use the COSE format for signatures for `EdDSA`; but when doing a clean-room implementation of the standard it's currently not possible to come to this conclusion, which might be problematic. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1441 using your GitHub accountReceived on Monday, 15 June 2020 16:07:18 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:40 UTC