- From: Arian van Putten via GitHub <sysbot+gh@w3.org>
- Date: Sun, 28 Jun 2020 11:31:08 +0000
- To: public-webauthn@w3.org
I would also be interested if anybody could shed some light on how a simple formula like:

```
y = +/-sqrt(x^3 + ax + b)
```

has IPR issues, as I couldn't find any reference to it in the RFC. After some browsing I found https://patents.google.com/patent/US6130946A/en which is expired.

Not supporting compressed points and not recommending them will lead to many implementation mistakes where people miss a `pointIsValid` call.

I see that ECDAA was recently removed from WebAuthn https://github.com/w3c/webauthn/issues/1410 whose largest critique was point compression ambiguity.

I would suggest two things going forward:

1. Explicitly support FIDO devices that provide the COSE key in compressed form (I'm not sure if this conflicts with any of the FIDO specs? It might?)
2. Add explicit steps to [7. Webauthn Relying Party Operations](https://w3c.github.io/webauthn/#sctn-rp-operations) which say that an implementor MUST make sure that any public key credential they receive has a point that lies on the curve of that public key credential, so that people are at least made aware of the problem of uncompressed points when implementing a Relying Party.

-- 
GitHub Notification of comment by arianvp
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1447#issuecomment-650737997 using your GitHub account
Received on Sunday, 28 June 2020 11:31:09 UTC
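
An on-curve check of the kind the comment asks Relying Parties to perform, shown for P-256 together with recovery of y from a compressed point using the formula quoted above. This is an added example, not part of the original message or of the WebAuthn specification; the function names, the decoded-map input shape (integer COSE labels 1, -1, -2, -3) and the choice of P-256 are assumptions.

```python
# Added example: P-256 on-curve check and point decompression for a COSE EC2 key.
# NIST P-256 domain parameters (y^2 = x^3 + ax + b over GF(P)).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# Base point, used here only as a known-good sample input.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def _rhs(x):
    return (pow(x, 3, P) + A * x + B) % P


def point_is_valid(x, y):
    """True only if (x, y) are reduced field elements satisfying the curve equation."""
    return 0 <= x < P and 0 <= y < P and (y * y) % P == _rhs(x)


def decompress(x, y_is_odd):
    """Recover y = +/-sqrt(x^3 + ax + b); raises if x is not on the curve."""
    if not 0 <= x < P:
        raise ValueError("x out of range")
    rhs = _rhs(x)
    y = pow(rhs, (P + 1) // 4, P)  # square root shortcut, valid because P % 4 == 3
    if (y * y) % P != rhs:
        raise ValueError("x has no matching y: not a curve point")
    return y if (y & 1) == int(y_is_odd) else P - y


def validate_cose_ec2(key):
    """Return (x, y) for a decoded COSE_Key map (assumed shape), or raise ValueError."""
    if key.get(1) != 2 or key.get(-1) != 1:   # kty=EC2, crv=P-256
        raise ValueError("not an EC2 P-256 key")
    xb, yv = key.get(-2), key.get(-3)
    if not isinstance(xb, bytes) or len(xb) != 32:
        raise ValueError("x must be 32 bytes")
    x = int.from_bytes(xb, "big")
    if isinstance(yv, bool):                   # compressed form: y is the sign bit
        return x, decompress(x, yv)
    if not isinstance(yv, bytes) or len(yv) != 32:
        raise ValueError("y must be 32 bytes or a bool")
    y = int.from_bytes(yv, "big")
    if not point_is_valid(x, y):               # the check that is easy to forget
        raise ValueError("point is not on the curve")
    return x, y
```

In the compressed branch the validity check cannot be skipped, because a y that fails to square back to the right-hand side is detected during recovery; in the uncompressed branch it is a separate step the caller has to remember.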