The IESG has received a request from the CBOR Object Signing and Encryption WG (cose) to consider the following document: - 'COSE and JOSE Registrations for WebAuthn Algorithms' <draft-ietf-cose-webauthn-algorithms-05.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2020-05-27. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The W3C Web Authentication (WebAuthn) specification and the FIDO Alliance Client to Authenticator Protocol (CTAP) specification use CBOR Object Signing and Encryption (COSE) algorithm identifiers. This specification registers the following algorithms in the IANA "COSE Algorithms" registry, which are used by WebAuthn and CTAP implementations: RSASSA-PKCS1-v1_5 using SHA-256, SHA-384, SHA-512, and SHA-1, and ECDSA using the secp256k1 curve and SHA-256. It registers the secp256k1 elliptic curve in the IANA "COSE Elliptic Curves" registry. Also, for use with JSON Object Signing and Encryption (JOSE), it registers the algorithm ECDSA using the secp256k1 curve and SHA-256 in the IANA "JSON Web Signature and Encryption Algorithms" registry and the secp256k1 elliptic curve in the IANA "JSON Web Key Elliptic Curve" registry. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-cose-webauthn-algorithms/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc6194: Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms (Informational - IETF stream) _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
