Additional RSA Algorithms for COSE Messages Registered by W3C WebAuthn

The WebAuthn working group has published the “COSE Algorithms for Web Authentication (WebAuthn)” specification, which registers COSE algorithm identifiers for RSASSA-PKCS1-v1_5 signature algorithms with SHA-2 and SHA-1 hash algorithms. RSASSA-PKCS1-v1_5 with SHA-256 is used by several kinds of authenticators. RSASSA-PKCS1-v1_5 with SHA-1, while deprecated, is used by some Trusted Platform Modules (TPMs). See https://www.iana.org/assignments/cose/cose.xhtml#algorithms for the actual IANA registrations.

Thanks to John Fontana, Jeff Hodges, Tony Nadalin, Jim Schaad, GÃƒÂ¶ran Selander, Wendy Seltzer, Sean Turner, and Samuel Weiler for their roles in registering these algorithm identifiers.

The specification is available at:

https://tools.ietf.org/html/draft-jones-webauthn-cose-algorithms-01

An HTML-formatted version is also available at:

https://self-issued.info/docs/draft-jones-webauthn-cose-algorithms-01.html

Musings on Digital Identity

Additional RSA Algorithms for COSE Messages Registered by W3C WebAuthn

Leave a Reply

Additional RSA Algorithms for COSE Messages Registered by W3C WebAuthn

Security Event Token (SET) spec addressing additional SecDir review comments

On our journey to deprecate the password: Public Implementation Draft of FIDO2 Client to Authenticator Protocol (CTAP) specification

Leave a Reply