- From: Petr Dvořák via GitHub <sysbot+gh@w3.org>
- Date: Fri, 28 Apr 2023 23:43:46 +0000
- To: public-webauthn@w3.org

@MasterKale Understood, and thank you for the prompt response. 👍 I am thinking the recommendation could maybe be worded as:

> [=[RPS]=] MUST support the following {{COSEAlgorithmIdentifier}} value:
>
> * -7 (ES256)
>
> [=[RPS]=] that wish to support a wide range of [=authenticators=], including some legacy ones,
> SHOULD also include at least the following {{COSEAlgorithmIdentifier}} values:
>
> * -8 (Ed25519)
> * -257 (RS256)
>
> Additional signature algorithms can be included as needed.

This approach will both:

- Provide a minimum mandatory supported algorithm.
- Recommend algorithms to achieve broader support.

ES256 is already widely adopted, not only in WebAuthn but also when working with JWTs. I think making this the default could speed up WebAuthn adoption (as even small website makers will be able to provide minimalistic implementations). I will first sleep on it to see if this sounds like a good idea in the morning 🙂 and if it does, I will try to draft a PR - in the worst case, it gets rejected with some comments, which is fine.
--
GitHub Notification of comment by petrdvorak
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1757#issuecomment-1528220714 using your GitHub account
Received on Friday, 28 April 2023 23:43:48 UTC