W3C home > Mailing lists > Public > public-webauthn@w3.org > May 2021

Re: [webauthn] PROPOSAL: Add support for general (hardware backed) cryptographic signatures and key exchange (#1608)

From: certainlyNotHeisenberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 05 May 2021 12:24:17 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-832644961-1620217456-sysbot+gh@w3.org>
@Firstyear Got it. I was confused about your distinction between verification and signatures, since of course the verification itself _is_ a signature. But given your edit section, I understand what you mean. Agreed that it's lower hanging fruit to expand the current authentication flow to also accept an optional hash of data (together with a nonce for entropy). I'm all for this.

I do still think that arbitrary data signatures are a _far_ more powerful feature however, so I hope that part of the proposal does not get lost. 

(On memory considerations, yes there would of course be some constraints. The data can't be totally arbitrary. But hopefully these constraints can be made as minimal as possible.)

-- 
GitHub Notification of comment by certainlyNotHeisenberg
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1608#issuecomment-832644961 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 5 May 2021 12:24:19 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC