w3c · akshayku · Feb 21, 2018 · Feb 15, 2018 · Feb 16, 2018 · Feb 16, 2018
diff --git a/index.bs b/index.bs
@@ -2789,6 +2789,50 @@ the [=authenticator=] MUST:
     attStmtTemplate .within $$attStmtType
     ```
 
+### Signature Formats ### {#signature-attestation-types}
+    - For COSEAlgorithmIdentifier -7 (ES256), `sig` contains a pair of 32-byte integers,
+        R followed by S, generated with ECDSA using Curve P-256 and SHA256 encoded as
+        ASN.1 DER format defined in [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]].
+
+        Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2
+        devices will also produce signatures in same format for consistency. Otherwise,
+        newer attestation formats MUST use COSE_KEY signature formats as defined in
+        [[IANA-COSE-ALGS-REG]].
+
+        ```
+        Example:
+        30 44                               ; SEQUENCE (44 Bytes)
+            02 20                            ; INTEGER (20 Bytes)
+            |  3d 46 28 7b 8c 6e 8c 8c  26 1c 1b 88 f2 73 b0 9a
+            |  32 a6 cf 28 09 fd 6e 30  d5 a7 9f 26 37 00 8f 54
+            02 20                            ; INTEGER (20 Bytes)
+              4e 72 23 6e a3 90 a9 a1  7b cf 5f 7a 09 d6 3a b2
+              17 6c 92 bb 8e 36 c0 41  98 a2 7b 90 9b 6e 8f 13
+        ```
+    - For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the
+        RSASSA-PKCS1-v1_5 signature scheme defined in [[RFC8017]] with SHA256 as the hash function.
+        ```
+        Example:
+        87 38 c6 f7 7d 53 3a 7e  73 27 2e 4b 9d 45 c7 19
+        af 83 e2 ce ff 75 23 9d  24 5c 05 56 9e 66 a7 c5
+        d5 a3 b8 5c 6c cc bc d0  b9 04 55 bb 51 57 ba 34
+        5c 87 34 21 55 d2 ef 8b  28 9a cf ec 08 e6 8d 7d
+        84 57 1b 70 1c da 45 ca  23 0a b7 10 7a 06 29 07
+        61 bd e6 55 99 4d 86 f3  f0 8d ac 10 3d 13 5b 61
+        81 2d 88 82 f8 e9 02 0e  71 58 7a f5 f7 f0 61 95
+        9d f5 d9 35 54 48 7e 1c  3c 04 dc 9a f5 5a 04 b2
+        98 59 51 11 d5 2f 38 ac  55 96 50 7f 1e 06 8c 11
+        eb 77 19 03 ff b8 15 56  14 4e a7 77 be 22 90 c5
+        87 6d 34 7f 74 1b 7f 9a  63 6f e1 13 dd 4c 64 c0
+        0e d4 13 23 07 f2 a6 cf  ee 79 f2 36 d8 47 76 ee
+        83 14 b9 28 15 61 73 69  af 62 cd 4e 2b 1f 54 2b
+        02 49 fe 60 d5 bc 00 7d  83 19 de 61 fe 7e 7b c0
+        09 24 2c 13 0b af 30 16  a5 0f 75 ef 99 5f 9b f7
+        ed b0 a6 36 74 0e 90 dc  52 3b 4b 7d c5 eb f8 19
+        ```
+    - For COSEAlgorithmIdentifier -37 (RS256), `sig` contains the signature generated using the
+        RSASSA-PSS signature scheme defined in [[RFC8017]] with SHA256 as the hash function.
+
 # [=[RP]=] Operations # {#rp-operations}
 
 Upon successful execution of {{CredentialsContainer/create()}} or {{CredentialsContainer/get()}}, the [=[RP]=]'s script receives
@@ -4963,5 +5007,15 @@ for their contributions as our W3C Team Contacts.
     "href": "https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-200604.html",
     "date": "May 15, 2007"
   }
+
+  "ANSI.X9-62.2005": {
+    "title": "Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-2005",
+    "date": "November 2005"
+  }
+
+  "FIPS.186-4.2013": {
+    "publisher": ["National Institute of Standards and Technology"],
+    "title": , "Digital Signature Standard (DSS), FIPS 186-4, 2013"
+  }
 }
 </pre>