Re: [webauthn] Use fully-specified COSEAlgorithmIdentifiers in examples and recommendations (#2283)

@emlun,

Not sure how to interpret your comment about Ed25519 and Ed448, but [RFC 8032 § 5.2](https://www.rfc-editor.org/rfc/rfc8032#section-5.1.2) defines exactly how a point on the curve is to be encoded. Encoding it in any other way is wrong.

For curves like P-256, COSE does require at least implicitly that a point is encoded in _some_ form; otherwise anyone could send any format they wanted (e.g., the "Zack" format which is 5 0s followed by the y coordinate followed by 12 0s followed by the x coordinate followed by 18 3s). Specifically, COSE requires a point on the curve to be encoded according to [SEC 1, Version 2.0 § 2.3.3](https://www.secg.org/sec1-v2.pdf). That section describes two formats, and COSE requires the key/point to be encoded in one of the two. WebAuthn goes further and refines it to the much more popular "uncompressed" form.

-- 
GitHub Notification of comment by zacknewman
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2283#issuecomment-2891394405 using your GitHub account


Received on Monday, 19 May 2025 15:11:33 UTC
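
The encoding rules discussed in the comment above, as an added example that is not part of the original message or of any specification's or project's code: it decodes the two SEC 1 § 2.3.3 forms for P-256 and then applies the WebAuthn restriction to the uncompressed form on a COSE EC2 key. The function names are hypothetical, and the COSE_Key is assumed to be already CBOR-decoded into a Python dict with integer labels.

```python
# Added example: P-256 point encodings (SEC 1 v2.0 section 2.3.3) and the
# WebAuthn "uncompressed only" rule for COSE EC2 keys. Names are hypothetical.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # P-256 field prime
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296  # base point
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

def on_curve(x, y):
    """True if (x, y) are reduced field elements satisfying y^2 = x^3 + ax + b."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def decode_sec1(octets):
    """Decode a SEC 1 octet string to (x, y, form); raise ValueError otherwise."""
    if len(octets) == 65 and octets[0] == 0x04:          # 04 || X || Y
        x = int.from_bytes(octets[1:33], "big")
        y = int.from_bytes(octets[33:], "big")
        form = "uncompressed"
    elif len(octets) == 33 and octets[0] in (0x02, 0x03):  # 02/03 || X
        x = int.from_bytes(octets[1:], "big")
        y = pow((x * x * x + A * x + B) % P, (P + 1) // 4, P)  # sqrt, as P % 4 == 3
        if (y & 1) != (octets[0] & 1):                   # prefix carries parity of y
            y = P - y
        form = "compressed"
    else:
        raise ValueError("not a SEC 1 P-256 point encoding")
    if not on_curve(x, y):                               # also rejects non-residues
        raise ValueError("point is not on P-256")
    return x, y, form

def check_webauthn_es256_key(cose_key):
    """Validate a decoded COSE_Key map; return (x, y) as integers."""
    if cose_key.get(1) != 2 or cose_key.get(-1) != 1:    # kty = EC2, crv = P-256
        raise ValueError("not an EC2 P-256 key")
    x, y = cose_key.get(-2), cose_key.get(-3)
    if isinstance(y, bool):                              # COSE compressed form
        raise ValueError("compressed form is not accepted for WebAuthn")
    if not (isinstance(x, bytes) and isinstance(y, bytes) and len(x) == len(y) == 32):
        raise ValueError("x and y must each be 32-byte strings")
    return decode_sec1(b"\x04" + x + y)[:2]
```
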