- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Thu, 03 Apr 2025 04:19:48 +0000
- To: public-webauthn@w3.org
How will this affect the CBOR encoded payload in the attested credential data? Will the `crv` key-value pair be dropped seeing how it doesn't provide any information? Specifically will ESP256 be encoded like 1. or 2. below?
1:
```
{
1: 2, ; kty: EC2 key type
3: -9, ; alg: ESP256 signature algorithm
-1: 1, ; crv: P-256 curve
-2: x, ; x-coordinate as byte string 32 bytes in length
; e.g., in hex: 65eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d
-3: y ; y-coordinate as byte string 32 bytes in length
; e.g., in hex: 1e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c
}
```
2:
```
{
1: 2, ; kty: EC2 key type
3: -9, ; alg: ESP256 signature algorithm
-2: x, ; x-coordinate as byte string 32 bytes in length
; e.g., in hex: 65eda5a12577c2bae829437fe338701a10aaa375e1bb5b5de108de439c08551d
-3: y ; y-coordinate as byte string 32 bytes in length
; e.g., in hex: 1e52ed75701163f7f9e40ddf9f341b3dc9ba860af7e0ca7ca7e9eecd0084d19c
}
```
Seeing how CBOR is about being "concise", I'm guessing the latter; otherwise Ed25519 will now be 1 byte larger since `-50` takes 2 bytes to encode instead of the one byte needed for `-8`.
--
GitHub Notification of comment by zacknewman
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2276#issuecomment-2774454413 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 3 April 2025 04:19:49 UTC