Re: [webauthn] Unclear whether compressed curve points need to be supported by RPs (#1447)

I would also be interested if anybody could shed some light how a simple formula like:

y = +/-sqrt(x^3 + ax + b)
has IPR issues as I couldn't find any reference to it in the RFC. After some browsing I found which is expired.

Not supporting compressed points and not recommending them will lead to many implementation mistakes where people miss a `pointIsValid` call.

I see that ECDAA was recently removed from Webauthn
which largest critique was point compression ambiguity.

I would suggest two things going forward:

1. explicitly support FIDO devices that provide the COSE key in compressed form (I'm not sure if this conflicts with any of the FIDO specs? it might?)

2.  Add explicit steps to [7. Webauthn Relying Party Operations]( which says that an implementor MUST make sure that any public key credential they receive has a point that lies on the curve of that public key credential so that people are at least  made aware of the problem of uncompressed points when implementing a Relying Party

GitHub Notification of comment by arianvp
Please view or discuss this issue at using your GitHub account

Received on Sunday, 28 June 2020 11:31:09 UTC