Description
This issue refers to the security review requested at w3c/security-request/#55.
I was wondering if the current recommendation of cryptographic primitives can be satisfied by all the smartphones that are available currently in the market. To elaborate on this point, based on research that we did, which is based on publicly available data link, the cryptographic algorithms supported by CC-certified StrongBox implementations are limited by the capabilities of their eSE. For example, only the ECDSA with the P-256 curve is supported by just two out of the three CC-certified implementations: KNOX Vault and the Titan M2 chip (see Section 3.4 for more details). Given that, I was wondering if there is a need to give more flexibility or if the situation will be changed in the near future and we can stick to the current recommendation.
I agree that this is a small use-case in the bigger world; however, I think it deserves a small attention.