[webauthn] Dependencies on CTAP2 canonical CBOR encoding form? (#1624)

cyberphone has just created a new issue for https://github.com/w3c/webauthn:

== Dependencies on CTAP2 canonical CBOR encoding form? ==
That the CBOR world now has (at least) 3 different canonical formats to deal with is not particularly cool.

Question: Is anybody aware of a single FIDO implementation that is **not** compatible with both CTAP2 canonical and https://datatracker.ietf.org/doc/html/rfc8949#section-4.2.3 ?  Or to put it differently: does anybody actually use integer keys that require more than a byte?  Because that is the potential interoperability issue, right? 

If there is no such implementation, I would consider revising this part of the specification.  As far as I can tell, canonicalization should (with respect to FIDO) only _potentially_ be an issue for attestation signatures.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1624 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 16 June 2021 05:52:31 UTC
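
Added example, not part of the original issue or of any FIDO implementation: it sorts map keys under the CTAP2 canonical rule (major type, then encoded length, then bytewise) and under RFC 8949 section 4.2.3 (encoded length, then bytewise) to show which key sets come out in a different order. The function names and the key sets are constructed for illustration.

```python
import struct

def encode_head(major, arg):
    """Shortest-form CBOR head for a major type and its argument."""
    if arg < 24:
        return bytes([major << 5 | arg])
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if arg < limit:
            return bytes([major << 5 | info]) + struct.pack(fmt, arg)
    raise ValueError("argument does not fit in 64 bits")

def encode_key(key):
    """Encode an int, bytes or str map key in shortest form."""
    if isinstance(key, bool):
        raise TypeError("bool is not a supported key type here")
    if isinstance(key, int):
        return encode_head(0, key) if key >= 0 else encode_head(1, -1 - key)
    if isinstance(key, bytes):
        return encode_head(2, len(key)) + key
    if isinstance(key, str):
        raw = key.encode("utf-8")
        return encode_head(3, len(raw)) + raw
    raise TypeError(f"unsupported key type: {type(key).__name__}")

def ctap2_order(keys):
    """CTAP2 canonical: major type, then encoded length, then bytewise."""
    def rank(key):
        enc = encode_key(key)
        return (enc[0] >> 5, len(enc), enc)
    return sorted(keys, key=rank)

def length_first_order(keys):
    """RFC 8949 section 4.2.3: encoded length, then bytewise."""
    def rank(key):
        enc = encode_key(key)
        return (len(enc), enc)
    return sorted(keys, key=rank)

def orders_agree(keys):
    return ctap2_order(keys) == length_first_order(keys)

if __name__ == "__main__":
    # Constructed key sets, not taken from any implementation.
    for keys in ([1, 3, -1, -2, -3], ["fmt", "attStmt", "authData"],
                 [-1, 24], [256, "a"]):
        print(keys, "agree" if orders_agree(keys) else
              f"differ: {ctap2_order(keys)} vs {length_first_order(keys)}")
```

A verifier that re-encodes a map before checking a signature can run `orders_agree` over the key sets it actually accepts to see whether the choice of rule changes the bytes being signed.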