CBOR Object Signing and Encryption (COSE) and JSON Object Signing and Encryption (JOSE) Registrations for Web Authentication (WebAuthn) Algorithms
draft-ietf-cose-webauthn-algorithms-08
Technical Summary
The W3C Web Authentication (WebAuthn) specification and the FIDO
Alliance Client to Authenticator Protocol (CTAP) specification use
CBOR Object Signing and Encryption (COSE) algorithm identifiers.
This specification registers the following algorithms in the IANA
"COSE Algorithms" registry, which are used by WebAuthn and CTAP
implementations: RSASSA-PKCS1-v1_5 using SHA-256, SHA-384, SHA-512,
and SHA-1, and ECDSA using the secp256k1 curve and SHA-256. It
registers the secp256k1 elliptic curve in the IANA "COSE Elliptic
Curves" registry. Also, for use with JSON Object Signing and
Encryption (JOSE), it registers the algorithm ECDSA using the
secp256k1 curve and SHA-256 in the IANA "JSON Web Signature and
Encryption Algorithms" registry and the secp256k1 elliptic curve in
the IANA "JSON Web Key Elliptic Curve" registry.
Working Group Summary
Consensus to publish appears to be firm, and a number of specific
people were identified as having provided reviews, all of which have
been addressed.
Document Quality
The document has had clear working group consensus for publication and it has
been reviewed by a few working group participants since its adoption.
Personnel
Ivaylo Petrov is the document shepherd.
Murray Kucherawy is the responsible Area Director.