Clarify which sign. algm.'s RP's must support (Sec. 4.3.2.1.2) #104
Labels
Milestone
Comments
|
at the time @gmandyam submitted this issue, S 4.3.2.1.2 mapped to this spot in index.src.html: |
|
We already decided in Berlin to not specify server behavior in this spec. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Current text states "The following algorithms must be implemented by servers:" and goes on to list target signing methods. But the text later says "WebAuthn Relying Parties must implement all the algorithms implemented by the authenticators that they support."
The two statements seem to contradict each other. For instance, if an RP does not support any authenticators that implement ECDAA then it does not seem to be necessary for the RP to implement ECDAA. Would recomment changing "The following algorithms must be implemented by servers:" to "One or more of the following algorithms must be implemented by servers (depending on the authenticators that servers support):"
The text was updated successfully, but these errors were encountered: