Open Bug 1381578 Opened 7 years ago Updated 1 year ago

Use a Rust CBOR library for WebAuthn

Categories

(Core :: DOM: Web Authentication, enhancement, P3)

55 Branch
enhancement

Tracking

()

People

(Reporter: jcj, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [webauthn] [webauthn-ctap])

WebAuthn uses CBOR serialization for binary data sent to the Relying Party. Additionally, the next generation of authenticator/token devices uses a wire protocol called CTAP [1], which is based on CBOR and which will require Gecko to deserialize the (untrusted) CTAP data -- probably in Rust code, since that's what we've written the U2F protocol in. There are some quality-looking Rust-language CBOR libraries. We should use one of those from the WebAuthn C++ code, and use the same one from the CTAP Rust code down the line, rather than maintaining two in-tree or calling the C++ from Rust.

[1] https://fidoalliance.org/specs/fido-v2.0-rd-20161004/fido-client-to-authenticator-protocol-v2.0-rd-20161004.html

Moving to p3 because no activity for at least 1 year(s). See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information.
Priority: P2 → P3
Component: DOM: Device Interfaces → DOM: Web Authentication
Severity: normal → S3
Depends on: 1816519