Emil Lundberg
Emil Lundberg
Hi @OR13 - is this a reply to my [email to the COSE/JOSE mail lists](https://mailarchive.ietf.org/arch/msg/cose/d0Akc8hHnwvH4_L1jZlkmD3_0v8/)?
We are now iterating on the extension API in this fork repo: https://github.com/yubicolabs/webauthn-sign-extension We'll cherry-pick the relevant changes back into this PR when we're satisfied with the design.
I've updated the PR to match draft version 3 from the fork repo. This includes the following changes: - Version 3 - Published: 2025-05-19 - Client: Fixed CBOR map key...
Yes, my wording was a bit clumsy. I meant it is safe to include for example both -9 (ESP256) and -7 (ES256) in `pubKeyCredParams`, and authenticators that don't support -9...
Indeed. [RFC 9053](https://www.rfc-editor.org/rfc/rfc9053.html#name-double-coordinate-curves) defines that >For [elliptic curve] public keys, it is REQUIRED that "crv", "x", and "y" be present in the structure. [...] and the new algorithm identifiers do...
Adding to that: given the outcome of discussions in https://github.com/w3c/webauthn/pull/2283, Ed448 would be the only remaining relevant algorithm identifier for this. Ed448 is on the 256-bit security level, while the...
>This proposes a new field be added to [PublicKeyCredentialRequestOptions](https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialcreationoptions). The field is called display, and initially has two values: autofill and ambient. When unspecified, its default value is used, which...
> it doesn't have any meaning for other credential types Hm, is that because `mediation: "conditional"` already covers the "ambient" use case for those other types? I.e., the other types...
In my implementation experience, challenges typically need to be associated with a particular session so that the server can verify that the assertion is signed over the expected challenge for...
Added a section on the "2FA" setting (renamed from "Require UV") covering most of what I laid out in https://github.com/syncthing/syncthing/pull/9175#issuecomment-2253145692.