Re: [webauthn] Use fully-specified COSEAlgorithmIdentifiers in examples and recommendations (#2283)

> FYI, the fully-specified algorithm numbers are now registered at https://www.iana.org/assignments/cose/cose.xhtml#algorithms.

Seems unfortunate that we have to yet again specify additional requirements _on top of_ what is in the registry. The description and associated draft for Ed25519 is simply "EdDSA using Ed25519 curve". That is _not_ sufficient. Ed25519 is a specific signature scheme defined in [RFC 8032](https://www.rfc-editor.org/rfc/rfc8032) that isn't simply "EdDSA with curve ed25519" but also requires several other conditions (e.g., SHA-512 is used as the hashing function). So like ES256 has the "de facto" requirement that P-256 is used, Ed25519 has the "de facto" requirement that SHA-512 is used, the pre-hash version of Ed25519 is used (not to be conflated with _curve_ ed25519), etc. This further adds to my argument that the WebAuthn spec should not be changed to accommodate these new algorithms with the exception of Ed448 due to no suitable algorithm existing before these additions.

-- 
GitHub Notification of comment by zacknewman
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2283#issuecomment-2876881448 using your GitHub account


Received on Tuesday, 13 May 2025 14:59:55 UTC
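
The thread concerns the gap between what a COSE algorithm identifier says and what a relying party must additionally enforce. The following is an added example, not part of the comment or of the WebAuthn specification text: a relying-party-side check that a credential public key's `alg`, `kty` and `crv` agree. The function name and table layout are hypothetical; the numeric labels and values are the IANA COSE registry assignments, and the sample keys are constructed.

```python
# COSE_Key parameter labels and values (IANA COSE registry).
KTY, ALG, CRV = 1, 3, -1
OKP, EC2 = 1, 2
P256, P384, P521, ED25519, ED448 = 1, 2, 3, 6, 7

# Polymorphic identifiers: the identifier alone does not fix the curve, so
# the pairing is an extra rule the relying party enforces itself.
POLYMORPHIC = {
    -7: ("ES256", EC2, P256),
    -35: ("ES384", EC2, P384),
    -36: ("ES512", EC2, P521),
    -8: ("EdDSA", OKP, ED25519),
}

# Fully-specified identifiers: the identifier names exactly one curve.
FULLY_SPECIFIED = {
    -9: ("ESP256", EC2, P256),
    -51: ("ESP384", EC2, P384),
    -52: ("ESP512", EC2, P521),
    -19: ("Ed25519", OKP, ED25519),
    -53: ("Ed448", OKP, ED448),
}


def check_cose_key(key):
    """Return (ok, reason) for a decoded COSE_Key map (int labels -> values)."""
    alg = key.get(ALG)
    entry = POLYMORPHIC.get(alg) or FULLY_SPECIFIED.get(alg)
    if entry is None:
        return False, f"alg {alg!r} is not on the allow-list"
    name, kty, crv = entry
    if key.get(KTY) != kty:
        return False, f"{name}: kty {key.get(KTY)!r} does not match, expected {kty}"
    if key.get(CRV) != crv:
        return False, f"{name}: crv {key.get(CRV)!r} does not match, expected {crv}"
    source = "relying-party rule" if alg in POLYMORPHIC else "identifier"
    return True, f"{name}: curve fixed by {source}"


if __name__ == "__main__":
    # Constructed sample keys (coordinates omitted; only the checked fields).
    for sample in ({KTY: OKP, ALG: -8, CRV: ED25519},
                   {KTY: OKP, ALG: -8, CRV: ED448},
                   {KTY: OKP, ALG: -53, CRV: ED448}):
        print(sample, check_cose_key(sample))
```

The check covers only key parameters; the hash function and signing variant are properties of the verification routine and are not visible in the COSE_Key map.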