Comment by djrenren
4 days ago
CBOR isn't a hobby spec. It's integral to the WebAuthn API spec. Every time someone uses a passkey, CBOR is used to exchange messages with the authenticator
4 days ago
CBOR isn't a hobby spec. It's integral to the WebAuthn API spec. Every time someone uses a passkey, CBOR is used to exchange messages with the authenticator
why was CBOR used for WebAuthn and was that a good idea?
Because given the same input data structure every correct implementation generates exactly the same byte sequence, so it's useful for signing. This isn't true of many other data formats, including JSON and protocol buffers.