- From: philomathic_life via GitHub <noreply@w3.org>
- Date: Tue, 03 Jun 2025 15:02:51 +0000
- To: public-webauthn@w3.org
I'm going to close this since it's not really a problem _yet_. RSA keys whose modulus exceeds 4K bits aren't that popular, and the currently defined post-quantum algorithms shouldn't be affected by the credential ID length maximum. I do maintain that it is unfortunate and perhaps even unintended that theoretically there are more constraints for server-side keys than client-side keys when one of the main benefits of using server-side keys is alleviating storage issues for authenticators. In the future _if_ new algorithms are defined with legitimate cryptographic benefits that are unable to be used for server-side keys due to this unnecessary constraint, then I'll open a new issue then. Hopefully the committee will be more open to removing this maximum length requirement since it seems silly to preclude server-side keys from being able to use certain algorithms. -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2299#issuecomment-2935810158 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 3 June 2025 15:02:52 UTC