Re: [webauthn] Require clients to support new fully-specified COSEAlgorithmIdentifiers (#2276) from Emil Lundberg via GitHub on 2025-07-16 (public-webauthn@w3.org from July 2025)

From: Emil Lundberg via GitHub <noreply@w3.org>
Date: Wed, 16 Jul 2025 18:46:47 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3079877666-1752691605-noreply@w3.org>

Adding to that: given the outcome of discussions in https://github.com/w3c/webauthn/pull/2283, Ed448 would be the only remaining relevant algorithm identifier for this. Ed448 is on the 256-bit security level, while the current set of algorithms required to support in [§5.2.1.1. Easily accessing credential data](https://w3c.github.io/webauthn/#sctn-public-key-easy) is only ES256, RS256 and Ed25519 which are all on the 128-bit security level. Adding Ed448 to the required set should probably go along with adding other 256-bit level algorithms like ES512, which we see no need to require at the moment.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2276#issuecomment-3079877666 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 16 July 2025 18:46:48 UTC