- From: Orie Steele via GitHub <sysbot+gh@w3.org>
- Date: Mon, 19 May 2025 16:02:06 +0000
- To: public-webauthn@w3.org
I understand the desire not to use the new algorithms if the existing ones are burned into devices. If I understand correctly, the existing webauthn behavior is that in cases where an algorithm worked with multiple curves, webauthn chose a curve, and does not support all the curves for that algorithm, is that correct? In other words, in webauthn: -7 means ECDSA with SHA256 and P-256 ... this now has an official name ESP256 -8 means EdDSA with Ed25519 ... this now has an official name Ed25519 ... Just for my own clarity are there any hardware devices out there that use -7 with a curve other than P-256? In other words, does webauthn make use of the "feature" that -7 works with P-384 and P-521, or does it just ignore that possibility, and assume that -7 is always with P-256? (and my webauthn, I really mean devices that can't be updated, as opposed to the spec itself) -- GitHub Notification of comment by OR13 Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2283#issuecomment-2891547213 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 19 May 2025 16:02:07 UTC