You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, we have a call structure where WebAuthnSigner calls WebAuthnVerifier which calls a P256Verifier implementation. Overall, the call structure is nice because:
It avoid deploying large amounts of code in WebAuthnSigner related to computing the WebAuthn signing message at the cost of an extra call. In theory, it would take many signatures before the additional signing gas overhead outweighs the deployment costs (TBD)
It allows multiple P256Verifier implementations to be deployed and used.
However, there are some drawbacks to exactly how it is implemented. Namely, we require a single WebAuthnVerifier deployment for eachP256Verifier that is deployed, but without much benefit (namely, we do an external call anyway - so this can be parameterized in the signature verification and does not need to be an immutable). Additionally, this does not need to be a separate contract to the WebAuthnFactory; in fact the WebAuthnSigners can call the WebAuthnFactory contract in order to perform the signature verification, so all the WebAuthn logic lives in one place.
This issue proposes:
Changing WebAuthnVerifier to receive the P256 verifier to use instead of using an immutable
Combining the WebAuthnVerifier and WebAuthnSignerFactory into WebAuthn contract for general WebAuthn signature verification using the P-256 curve (names TBD, as we would also want to support EdDSA for example).
The text was updated successfully, but these errors were encountered:
Currently, we have a call structure where
WebAuthnSignercallsWebAuthnVerifierwhich calls aP256Verifierimplementation. Overall, the call structure is nice because:WebAuthnSignerrelated to computing the WebAuthn signing message at the cost of an extra call. In theory, it would take many signatures before the additional signing gas overhead outweighs the deployment costs (TBD)P256Verifierimplementations to be deployed and used.However, there are some drawbacks to exactly how it is implemented. Namely, we require a single
WebAuthnVerifierdeployment for eachP256Verifierthat is deployed, but without much benefit (namely, we do an external call anyway - so this can be parameterized in the signature verification and does not need to be animmutable). Additionally, this does not need to be a separate contract to theWebAuthnFactory; in fact theWebAuthnSigners can call theWebAuthnFactorycontract in order to perform the signature verification, so all theWebAuthnlogic lives in one place.This issue proposes:
WebAuthnVerifierto receive the P256 verifier to use instead of using animmutableWebAuthnVerifierandWebAuthnSignerFactoryintoWebAuthncontract for general WebAuthn signature verification using the P-256 curve (names TBD, as we would also want to support EdDSA for example).The text was updated successfully, but these errors were encountered: