- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Tue, 20 May 2025 19:52:49 +0000
- To: public-webauthn@w3.org
> I could go either way on recommending that RPs request the new IDs (in addition to the respective old ones) in pubKeyCredParams. I've kept it in the PR for now. I think we should at the very least have some note saying if an RP requests one of the new IDs they really SHOULD also request the old one. There is no need to tell RPs that request the new IDs that they SHOULD also request the old one since the old IDs are _always_ recommended (i.e., regardless if an RP requests the new IDs, they SHOULD request the old IDs); as a result, I think the PR should be changed to remove the recommendation in `pubKeyCredParams` for the new IDs. There _is_ harm in adding the new IDs. It adds complexity to the spec that doesn't need to be there. There is a reason that only 3 IDs are recommended for `pubKeyCredParams`. Why is "ES512" not in the the recommended list of `pubKeyCredParams`? I claim the same answer to that question is the same answer to "why is Ed25519 not in the recommended list of `pubKeyCredParams`? We already have an ID that represents Ed25519, and we don't want that list to be larger than necessary. -- GitHub Notification of comment by zacknewman Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2283#issuecomment-2895672763 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 20 May 2025 19:52:50 UTC