Re: [webauthn] PROPOSAL: Add support for general (hardware backed) cryptographic signatures and key exchange (#1608)

@Firstyear Got it. I was confused about your distinction between verification and signatures, since of course the verification itself _is_ a signature. But given your edit section, I understand what you mean. Agreed that it's lower hanging fruit to expand the current authentication flow to also accept an optional hash of data (together with a nonce for entropy). I'm all for this.

I do still think that arbitrary data signatures are a _far_ more powerful feature however, so I hope that part of the proposal does not get lost. 

(On memory considerations, yes there would of course be some constraints. The data can't be totally arbitrary. But hopefully these constraints can be made as minimal as possible.)

GitHub Notification of comment by certainlyNotHeisenberg
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Wednesday, 5 May 2021 12:24:19 UTC