- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Tue, 04 Oct 2022 17:08:25 +0000
- To: public-webauthn@w3.org
I'm trying to figure out the best place to put such an editorial blurb. There are currently maybe three places that I see as candidates: 1. Sample code in the registration examples: https://www.w3.org/TR/webauthn-2/#sctn-sample-registration 2. Step 10 in `createCredential()` steps: https://www.w3.org/TR/webauthn-2/#sctn-createCredential 3. This section on Easily Accessing Credential Data: https://www.w3.org/TR/webauthn-2/#sctn-public-key-easy 4. The section in `PublicKeyCredentialCreationOptions` about `pubKeyCredParams`: https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialcreationoptions-pubkeycredparams I'd like to put this addition in #4 as it feels like it has the best chance of an RP dev seeing it as they're trying to understand all the options. That said, it'd mean creating a _fourth_ place to need to keep up-to-date as future algorithms get introduced. If putting an editorial suggestion to use `-256` and `-257` (and maybe `-8` now) here has the greatest chance of being the most clear recommendation on which algorithms an RP should put into `pubKeyCredParams` (or suggesting _not_ specifying a value for `pubKeyCredParams` so the defaults in #2 are used), then maybe I include further changes to these other sections to reference #4. Thoughts? BTW #2 is missing a reference to `-8` that exists in #3, is that something we should reconcile? And perhaps we should consider updating #2 (in a separate issue) to prioritize Ed25519 keypairs (by putting `-8` first) now that it's in the wild 🤔 -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1757#issuecomment-1267306184 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 4 October 2022 17:08:26 UTC