- From: Arian van Putten via GitHub <sysbot+gh@w3.org>
- Date: Sun, 28 Jun 2020 11:12:40 +0000
- To: public-webauthn@w3.org
arianvp has just created a new issue for https://github.com/w3c/webauthn: == Unclear whether compressed curve points need to be supported by RPs == COSE_Key supports storing compressed points (https://tools.ietf.org/html/rfc8152#section-13.1.1): if `y` is a boolean, consider it the sign of `x`, if `y` is a `bstr` consider it an uncompressed point. However it's not clear for my from the Webauthn spec if compressed points need to be supported. Especially https://w3c.github.io/webauthn/#sctn-public-key-easys says: > User agents MUST be able to return a non-null value for getPublicKey() when the credential public key has a COSEAlgorithmIdentifier value of: > -7 (ES256), where kty is 2 (uncompressed points) and crv is 1 (P-256). which suggests `kty = 2` always implies uncompressed points but this formulation is not normative and the COSE RFC says compressed points are not recommended due to IPR issues (what is IPR?) but that advise is also not normative > The latter encoding has not been recommended in the IETF due to potential IPR issues. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1447 using your GitHub account
Received on Sunday, 28 June 2020 11:12:41 UTC