Re: [webauthn] Use fully-specified COSEAlgorithmIdentifiers in examples and recommendations (#2283)

OK, I understand and agree with this point you're making:
> Similar descriptions for Ed448 follow. The key is to not phrase "Ed25519" in the context of a _curve_ but instead as the specific signature scheme which of course implies curve ed25519 in addition to 10 other things.

Here, it sounds to me like you are talking about key representations:
> Since we are here, it would also be nice for algorithms like ESP256 to require the uncompressed form since this would entirely eliminate the need for further refinement in WebAuthn for all of these new IDs.

By design, the cryptographic algorithms are independent of the key representations used.  Everything works no matter what key representation is used, provided the implementation understands and correctly interprets the key representation(s) used.  Therefore, if WebAuthn wants to make statements about key representations it needs to do so itself.  I would file an issue about that if you believe that something is missing from WebAuthn.

For example, the equivalence of key representations is discussed in another context at https://www.rfc-editor.org/rfc/rfc7638.html#section-3.5 :
>   Note that a key need not be in JWK format to create a JWK Thumbprint
>   of it.  The only prerequisites are that the JWK representation of the
>   key be defined and the party creating the JWK Thumbprint be in
>   possession of the necessary key material.  These are sufficient to
>   create the hash input from the JWK representation of the key, as
>   described in [Section 3.3](https://www.rfc-editor.org/rfc/rfc7638.html#section-3.3).

It may not be OK for WebAuthn, but for the cryptographic algorithm, it doesn't matter if the key is represented as a JWK, a COSE_Key, in an X.509 certificate, or in an XML data structure, provided the implementation understands and correctly uses it.

cc: @OR13

-- 
GitHub Notification of comment by selfissued
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2283#issuecomment-2884918027 using your GitHub account



Received on Thursday, 15 May 2025 19:58:03 UTC
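
The representation independence described in the message above, shown as an added example that is not part of the original comment or of any WebAuthn or COSE project code: the same P-256 public key held as a JWK, as an already CBOR-decoded COSE_Key map, and as an uncompressed SEC1 point yields one RFC 7638 thumbprint. The function names and the key bytes are assumptions made for illustration; the bytes are constructed and are not a validated curve point.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def thumbprint(x: bytes, y: bytes) -> str:
    """RFC 7638 thumbprint of a P-256 public key given its raw coordinates."""
    if len(x) != 32 or len(y) != 32:
        raise ValueError("P-256 coordinates must be 32 bytes each")
    # Required EC members only, lexicographic order, no whitespace (RFC 7638 3.2, 3.3).
    members = {"crv": "P-256", "kty": "EC", "x": b64url(x), "y": b64url(y)}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def xy_from_jwk(jwk: dict):
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-256":
        raise ValueError("not a P-256 JWK")
    return b64url_decode(jwk["x"]), b64url_decode(jwk["y"])

def xy_from_cose(cose: dict):
    # COSE_Key labels: 1 = kty (2 = EC2), -1 = crv (1 = P-256), -2 = x, -3 = y.
    if cose.get(1) != 2 or cose.get(-1) != 1:
        raise ValueError("not a P-256 EC2 COSE_Key")
    if not isinstance(cose[-3], bytes):
        # COSE also allows y as a bool (compressed point); that needs decompression first.
        raise ValueError("compressed y is not handled in this example")
    return cose[-2], cose[-3]

def xy_from_sec1(point: bytes):
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected uncompressed SEC1 point 0x04 || X || Y")
    return point[1:33], point[33:]

# Constructed sample bytes (not a validated curve point; no curve math is done here).
X, Y = bytes(range(1, 33)), bytes(range(33, 65))
JWK = {"kty": "EC", "crv": "P-256", "x": b64url(X), "y": b64url(Y), "kid": "demo"}
COSE = {1: 2, 3: -7, -1: 1, -2: X, -3: Y}  # already CBOR-decoded; 3: -7 is alg ES256
SEC1 = b"\x04" + X + Y

def all_thumbprints():
    return [thumbprint(*f(k)) for f, k in
            ((xy_from_jwk, JWK), (xy_from_cose, COSE), (xy_from_sec1, SEC1))]

if __name__ == "__main__":
    print(all_thumbprints())
```

The `kid` member in the JWK and the `alg` label in the COSE_Key do not affect the result, because only the required key members enter the hash input.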