[webauthn] Clarify DER encoding rules apply to signature format encoding in section 6.5.5 (#2314)

rlin1 has just created a new issue for https://github.com/w3c/webauthn:

== Clarify DER encoding rules apply to signature format encoding in section 6.5.5 ==
## Background
In section 6.5.5 "Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures", it is stated that "the sig value MUST be encoded as an ASN.1 DER Ecdsa-Sig-Value".

However, the example states "02 20      ; INTEGER (32 Bytes)" - suggesting that the encoding would always lead to 32 bytes.

Some real-world implementations don't follow DER encoding rules to "ensure that an integer value is always encoded in the smallest possible number of octets".

## Proposed Change
Add a (non-normative) comment to the example that the ASN.1 DER encoding could lead to a different number of encoded bytes.


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2314 using your GitHub account



Received on Tuesday, 15 July 2025 15:21:42 UTC
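
The following is an added example, not part of the issue or of the WebAuthn specification text: a strict DER parser for Ecdsa-Sig-Value that reports the encoded length of each INTEGER, showing that it is not fixed at 32 bytes, and that rejects integers not encoded in the smallest possible number of octets. The function names and the sample values are constructed for illustration.

```python
def _read_len(buf, pos):
    """Read a DER definite length at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 0x80:                      # short form: one octet
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("indefinite or truncated length")
    length = int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    if length < 0x80 or buf[pos + 1] == 0:
        raise ValueError("non-minimal length encoding")
    return length, pos + 1 + n

def _read_uint(buf, pos):
    """Read one DER INTEGER that must be non-negative and minimally encoded."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    length, pos = _read_len(buf, pos + 1)
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length:
        raise ValueError("empty or truncated INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER (redundant leading zero)")
    return int.from_bytes(body, "big"), length, pos + length

def parse_ecdsa_sig(sig):
    """Return ((r, r_len), (s, s_len)); raise ValueError if not strict DER."""
    if not sig or sig[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 0x30")
    length, pos = _read_len(sig, 1)
    if pos + length != len(sig):
        raise ValueError("SEQUENCE length does not match input")
    r, r_len, pos = _read_uint(sig, pos)
    s, s_len, pos = _read_uint(sig, pos)
    if pos != len(sig):
        raise ValueError("trailing bytes inside SEQUENCE")
    return (r, r_len), (s, s_len)

def der_uint(n):
    """Minimal DER INTEGER for n >= 0 (helper to build constructed samples)."""
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leaves the sign bit clear
    return bytes([0x02, len(body)]) + body

if __name__ == "__main__":  # constructed sample: r has its top bit set, s is short
    sample = der_uint(1 << 255) + der_uint(1 << 200)
    print(parse_ecdsa_sig(bytes([0x30, len(sample)]) + sample))
```

For a P-256 signature the INTEGER is 33 bytes when the top bit of the 32-byte value is set (a leading 0x00 keeps it positive) and shorter than 32 bytes when the value has leading zero bytes.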