- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Thu, 15 May 2025 14:45:36 +0000
- To: public-webauthn@w3.org
> @zacknewman the descriptions in the Fully-Specified Algorithms draft can still be updated at this point to be more prescriptive. I'd be glad to do that. Would these updated descriptions fit the bill, as far as you're concerned? > > * Ed25519: EdDSA using Ed25519 curve, as described in Section 5.1 of RFC 8032 > > * Ed448: EdDSA using Ed448 curve, as described in Section 5.2 of RFC 8032 > > > Of course, that's what was always meant, but it's fine to be more precise. The biggest "issue" I see is that EdDSA is an 11-parameter algorithm; thus when I read "EdDSA using Ed25519 curve", I think it's now a 10-parameter algorithm since the curve parameter is fixed to be ed25519 which of all the parameters is the least in need of being stated. In other words "curve" should be dropped altogether; thus I think the following is better: > Ed25519: Ed25519 as defined in Section 5.1 of RFC 8032. If you insist for some reason to include "EdDSA" in the description, then something like: > Ed25519: EdDSA instantiated as prescribed in Section 5.1 of RFC 8032. Similar descriptions for Ed448 follow. Since we are here, it would also be nice for algorithms like ESP256 to require the uncompressed form since this would entirely eliminate the need for further refinement in WebAuthn for all of these new IDs. -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2283#issuecomment-2884094192 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 15 May 2025 14:45:37 UTC