[webauthn] Clarification on CBOR-encoding of COSE keys (#2054)

zacknewman has just created a new issue for https://github.com/w3c/webauthn:

== Clarification on CBOR-encoding of COSE keys ==
The [CTAP2 canonical CBOR encoding form](https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#ctap2-canonical-cbor-encoding-form) does not restrict the CBOR major type that MUST be used for parameters that are allowed to have multiple types. For example, the value for [`kty`](https://www.rfc-editor.org/rfc/rfc9052.html#section-7.1) is allowed to be a `tstr` or `int` (e.g., `"OKP"` or `1` for an [octet key pair](https://www.iana.org/assignments/cose/cose.xhtml#key-type)). "In the wild" I've really only encountered the use of `int` for such a thing. Is it truly the case that `kty` can be a `tstr`? More generally, is it actually the case that, when a parameter value can have multiple major types according to RFCs 9052 and 9053, all such major types be allowed; or is this an oversight, and the most compact type MUST be used?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2054 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 28 March 2024 20:48:58 UTC
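
Added example, not part of the issue or of the WebAuthn/CTAP specifications: a minimal Python reader for a CBOR-encoded COSE_Key that reports which major type carries `kty`, run on two constructed keys that differ only in that value (`1` versus `"OKP"`, as in the issue). The function names, the sample keys and the `allow_tstr` switch are assumptions; the switch models the policy question the issue asks, not an answer to it.

```python
MAJOR_NAMES = {0: "uint", 1: "nint", 2: "bstr", 3: "tstr", 5: "map"}

def read_head(buf, pos):
    """Return (major type, argument, next offset) for the item head at pos."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:                       # argument stored in the initial byte
        return major, info, pos
    if info > 27:                       # 28-30 reserved, 31 indefinite length
        raise ValueError("reserved or indefinite-length encoding")
    size = 1 << (info - 24)             # 1, 2, 4 or 8 argument bytes follow
    if pos + size > len(buf):
        raise ValueError("truncated head")
    return major, int.from_bytes(buf[pos:pos + size], "big"), pos + size

def read_item(buf, pos):
    """Decode one int, bstr or tstr; return (major, value, next offset)."""
    major, arg, pos = read_head(buf, pos)
    if major == 0:
        return major, arg, pos
    if major == 1:
        return major, -1 - arg, pos
    if major in (2, 3):
        raw = buf[pos:pos + arg]
        if len(raw) != arg:
            raise ValueError("truncated string")
        return major, (raw.decode("utf-8") if major == 3 else raw), pos + arg
    raise ValueError(f"unsupported major type {major}")

def kty_encoding(cose_key):
    """Return (type name, value) for label 1 (kty) of an encoded COSE_Key."""
    major, count, pos = read_head(cose_key, 0)
    if major != 5:
        raise ValueError("COSE_Key must be a CBOR map")
    for _ in range(count):
        _, label, pos = read_item(cose_key, pos)
        vmajor, value, pos = read_item(cose_key, pos)
        if label == 1:
            return MAJOR_NAMES[vmajor], value
    raise ValueError("kty (label 1) not present")

def accept_kty(cose_key, allow_tstr=False):
    """Hypothetical verifier policy: int always passes, tstr only if allowed."""
    kind, _ = kty_encoding(cose_key)
    return kind in ("uint", "nint") or (allow_tstr and kind == "tstr")
# Constructed sample keys (all-zero x coordinate, not a real credential).
TAIL = bytes.fromhex("03272006215820") + bytes(32)   # alg -8, crv 6, x
INT_KEY = bytes.fromhex("a40101") + TAIL              # kty = 1
TSTR_KEY = bytes.fromhex("a401634f4b50") + TAIL       # kty = "OKP"
```

Both samples use definite lengths, shortest-form heads and the same key order, so only an explicit check on the major type of the `kty` value tells them apart.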