Re: [webauthn] Which "pubKeyCredParams" to use? (#1757)

@MasterKale by `-256`, did you mean `-7` (P-256)?

I think (4) [`pubKeyCredParams`](https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-pubkeycredparams) is the most appropriate place to put this guidance. I agree that's where an RP dev is most likely to see it. (1) should ideally agree with whatever we put in (4), but shouldn't be the primary authoritative source. I don't think this is necessarily related to the algs list in (3). (2) and (4) should probably be the same, but I'm not sure if it's appropriate to have them reference each other. But if so, (2) should probably reference (4) rather than vice versa.

It would be nice to recommend `[]` to fall back to the default, but it's not backward-compatible with browser implementations still on L1, so I'm not sure it's a good idea. (...although I suppose you _could_ feature-detect on e.g. `window.AuthenticatorAttestationResponse.prototype.getPublicKey === undefined` to distinguish L1 clients. But that gets pretty involved - and in the end you'd still need to choose a `pubKeyCredParams` value for L1, so you might as well always use it.)

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1757#issuecomment-1268169771 using your GitHub account



Received on Wednesday, 5 October 2022 09:15:18 UTC
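
The trade-off described in the comment above, as an added JavaScript example that is not part of the original message or of any browser or library code: it puts the `getPublicKey` feature detection next to the "always send an explicit list" approach, and adds the matching relying-party check on the returned algorithm. The names `isLevel1Client`, `pubKeyCredParamsFor`, `algWasOffered` and the two mock globals are hypothetical, and treating an empty list as equivalent to `-7` plus `-257` relies on the Level 2 default.

```javascript
// Explicit list sent to clients. -7 (ES256) and -257 (RS256) are the two
// algorithms a WebAuthn Level 2 client substitutes when the list is empty.
const EXPLICIT_PARAMS = Object.freeze([
  Object.freeze({ type: "public-key", alg: -7 }),   // ES256 (ECDSA with P-256)
  Object.freeze({ type: "public-key", alg: -257 }), // RS256
]);

// Detection from the comment: a client whose AuthenticatorAttestationResponse
// lacks getPublicKey() is treated as Level 1. Anything unrecognisable is also
// treated as Level 1, so the explicit list is the fail-safe result.
function isLevel1Client(globalObj) {
  const ctor = globalObj && globalObj.AuthenticatorAttestationResponse;
  if (typeof ctor !== "function" || !ctor.prototype) return true;
  return ctor.prototype.getPublicKey === undefined;
}

// "detect": [] for Level 2+ clients, explicit list for Level 1.
// "always-explicit": the same list for every client (no detection needed).
function pubKeyCredParamsFor(globalObj, strategy = "always-explicit") {
  if (strategy === "detect" && !isLevel1Client(globalObj)) return [];
  return EXPLICIT_PARAMS.map((p) => ({ ...p }));
}

// Relying-party side: accept a new credential only if its COSE algorithm was
// one the RP offered. Assumption: an empty offer means the Level 2 default.
function algWasOffered(credentialAlg, offeredParams) {
  const offered = offeredParams.length > 0 ? offeredParams : EXPLICIT_PARAMS;
  return offered.some((p) => p.type === "public-key" && p.alg === credentialAlg);
}

// Constructed stand-ins for the browser global, so this runs outside a browser.
const mockL1 = { AuthenticatorAttestationResponse: function () {} };
const mockL2 = { AuthenticatorAttestationResponse: function () {} };
mockL2.AuthenticatorAttestationResponse.prototype.getPublicKey = function () {};

for (const [name, client] of [["L1", mockL1], ["L2", mockL2]]) {
  console.log(name, "detect:", JSON.stringify(pubKeyCredParamsFor(client, "detect")),
    "always-explicit:", JSON.stringify(pubKeyCredParamsFor(client)));
}
```

Both strategies need `EXPLICIT_PARAMS` for the Level 1 path, so detection only changes what Level 2 clients receive while adding a second code path to test.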