Re: [webauthn] Which "pubKeyCredParams" to use? (#1757)

It is mandatory to support ES256/RS256/RS1/ED25519

On Tue, 28 Jun 2022 at 5:16 PM, Arnaud Dagnelies via GitHub <
sysbot+gh@w3.org> wrote:

> dagnelies has just created a new issue for https://github.com/w3c/webauthn:
>
> == Which "pubKeyCredParams" to use? ==
> Hi,
>
> I noticed that during `credentials.create(...)`, if the list does not
> contain what the authenticator can provide, the authenticator will not be
> included in the list of authenticators to choose from. For example, if you
> don't include `"alg":-257`, Windows Hello won't work.
>
> Now, as a relying party this all sounds a bit like unknown mysteries.
>
> - the specification says "pick your algorithms" from a [huge list](https://www.iana.org/assignments/cose/cose.xhtml#algorithms)!
> - no idea which algos the authenticators support
> - no idea which algos you really have to support as an RP
>
> In practice, using this list restricts your choice to a subset of
> authenticators available... if you manage to find out which algo is needed.
> Also, most RPs are not deeply knowledgeable about which crypto algorithms
> are better suited or not.
>
> So... are all common authenticators covered by RS256 and ES256? Or should
> you as an RP add some more to cover most authenticators? Which ones?
>
> Please view or discuss this issue at
> https://github.com/w3c/webauthn/issues/1757 using your GitHub account
>
>
> --
> Sent via github-notify-ml as configured in
> https://github.com/w3c/github-notify-ml-config
>
> --
Yuriy Ackermann
FIDO, Identity, Standards
skype: ackermann.yuriy
github: @herrjemand <https://github.com/herrjemand>
twitter: @herrjemand <https://twitter.com/herrjemand>
medium: @herrjemand <https://medium.com/@herrjemand>

Received on Tuesday, 28 June 2022 16:39:53 UTC
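
As an added example (not part of the thread and not code from the WebAuthn project), the JavaScript below builds `pubKeyCredParams` for the four algorithms named in the reply and checks that a newly registered credential uses an algorithm the RP actually offered. The function names are hypothetical, and reading "ED25519" as COSE EdDSA (-8) is an assumption.

```javascript
// COSE algorithm identifiers from the IANA COSE Algorithms registry for the four
// names in the reply. Assumption: "ED25519" in the reply means COSE EdDSA (-8).
const COSE_ALG = Object.freeze({ ES256: -7, EdDSA: -8, RS256: -257, RS1: -65535 });

// Build pubKeyCredParams from algorithm names. The list is ordered from most
// preferred to least preferred, so the caller's order is kept.
function buildPubKeyCredParams(names) {
  const seen = new Set();
  return names.map((name) => {
    if (!Object.prototype.hasOwnProperty.call(COSE_ALG, name)) {
      throw new Error(`unknown algorithm: ${name}`);
    }
    if (seen.has(name)) throw new Error(`duplicate algorithm: ${name}`);
    seen.add(name);
    return { type: "public-key", alg: COSE_ALG[name] };
  });
}

// Check run after registration: the algorithm of the new credential must be one
// of those offered. Returns the algorithm name, throws otherwise. The server
// repeats this check against the credential public key in authData.
function checkRegisteredAlgorithm(pubKeyCredParams, registeredAlg) {
  const offered = pubKeyCredParams.some(
    (p) => p.type === "public-key" && p.alg === registeredAlg
  );
  if (!offered) {
    throw new Error(`credential uses alg ${registeredAlg}, which was not offered`);
  }
  const name = Object.keys(COSE_ALG).find((n) => COSE_ALG[n] === registeredAlg);
  return name ?? String(registeredAlg);
}

// Browser-only: create the credential and check the algorithm it reports.
// rp, user and challenge are supplied by the caller (issued by the RP server).
async function register({ rp, user, challenge }, names = ["ES256", "EdDSA", "RS256", "RS1"]) {
  const pubKeyCredParams = buildPubKeyCredParams(names);
  const cred = await navigator.credentials.create({
    publicKey: { rp, user, challenge, pubKeyCredParams },
  });
  // getPublicKeyAlgorithm() is defined on AuthenticatorAttestationResponse (WebAuthn Level 2).
  return checkRegisteredAlgorithm(pubKeyCredParams, cred.response.getPublicKeyAlgorithm());
}
```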