- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Tue, 20 May 2025 15:10:32 +0000
- To: public-webauthn@w3.org
@emlun, almost all of the points you made are true without this PR as well. Without this PR, RPs can still add support for these new IDs; so I don't see how there is benefit in mentioning them in the spec. Two, adding these IDs is more work even if they're only "recommendations" for user agents, authenticators, and RPs. That is not even debatable in WebAuthn Level 4 if they were to be become required. So if we accept that the legacy IDs will always need to be supported and RPs are always allowed to support IDs in the registry even if they're not explicitly mentioned in the spec (e.g., the new ones mentioned here), then what's to be gained other than a more complex spec? _If_ this were to go in, then you make a great point about `getPublicKey`. Currently user agents are _required_ to return SPKI data from that function when the corresponding ID is EdDSA, ES256, and Rs256. Presumably we add that user agents are required to support the new IDs as well? -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2283#issuecomment-2894788516 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 20 May 2025 15:10:33 UTC