[webauthn] Post Quantum Crypto and WebAuthn Transition for RP (#2417)

• From: Akshay Kumar via GitHub <noreply@w3.org>
• Date: Wed, 22 Apr 2026 10:57:30 +0000
• To: public-webauthn@w3.org
• Message-ID: <issues.opened-4308488506-1776855448-noreply@w3.org>

akshayku has just created a new issue for https://github.com/w3c/webauthn:

== Post Quantum Crypto and WebAuthn Transition for RP ==
Opening this issue for discussion around PQC transition for RPs in WebAuthn

## RP Flow
Currently we have defined algorithms in IANA for 3 ML-DSA algorithms (-48, -49, -50) which allows RP to register those PQC algorithms. 

We have to think about the transitions and flexibilities RP needs to have to react to crypto advancements. As PQC algorithms are new and not fully time tested, RP needs to prepare for both classical and PQC algorithms getting broken for some time. Also, user should not be asked to setup new credentials at that point in time because their current authentication is already vulnerable. RP should be ready in advance for these likely scenarios. 

## Current Spec Issues
### Issue 1: RP cannot have two different algorithm credential in same authenticator for same account.
- Resident/Discoverable Credentials are overwritten for same userID/RPID but different algorithms.
- For the same userID/RPID, we currently say that authenticator should overwrite the credentials irrespective of algorithms being different.
- RP can workaround this today by supplying different userID for the same account, but that results in user being shown two different tiles for same account. 
- Platform cannot determine that these are the same account in authentication phase if userID is different.

### Proposed Change 1: Overwrite the existing credential if RPID, UserID and Algorithm are the same. 
- Addition of algorithm in overwrite logic will allow two different algorithms to exist for the same RP in same authenticator. 
- UserID can remain the same for the those different algorithms credentials and platform can do heuristics to show only one of the credentials based on RP's preference

### Issue 2: In usernameless flows, RP cannot say which algorithm credentials are allowed for authentication
- Assuming that RP is reacting to potential scenarios below, RP needs to make sure that user is not authentication with broken algorithms. 
    - Scenario 1: Classical Algorithm is broken
    - Scenario 2: Current defined ML-DSA PQC algorithms gets broken
        - Given PQC algorithms are new and not time tested, this possibility exists

### Proposed Change 2: Add allowed algorithms preference to authentication ceremony similar to registration ceremony
- This will allow RPs to specify which algorithms are allowed to do authentication in usernameless flows also. 
- This will then allow platforms to filter out credentials which RP does not trust anymore taking into account the userID. 




Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2417 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 22 April 2026 10:57:31 UTC