Re: [webauthn] Update COSEAlgorithmIdentifier uses and examples to prefer fully-specified alg IDs (#2276) from Emil Lundberg via GitHub on 2025-04-02 (public-webauthn@w3.org from April 2025)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Apr 2025 18:39:21 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2773401386-1743619159-sysbot+gh@w3.org>

Yes, my wording was a bit clumsy. I meant it is safe to include for example both -9 (ESP256) and -7 (ES256) in `pubKeyCredParams`, and authenticators that don't support -9 will simply skip it and "fall back" on -7 (assuming -9 appears before -7, otherwise the -9 option won't be evaluated at all).

So yes, RPs should continue to include the deprecated values in `pubKeyCredParams` for backward compatibility. Your example is accurate.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2276#issuecomment-2773401386 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 2 April 2025 18:39:22 UTC