Native CBOR support

Since WebAuthN uses CBOR, I felt it would be a good idea to bring broad base support for CBOR throughout.

What is CBOR? CBOR is a serialization format much like JSON (and some more). However, unlike JSON, CBOR is a binary format. Its binary format can sometimes be 20-30% smaller than JSON. At scale, it can make a massive difference in bandwidth and memory. In many libraries, CBOR can be even faster when decoding and encoding. All valid JSON can be represented as CBOR. It also has the ability to encode and decode things into native JavaScript like dates, integers, UInt8Array and more.

I felt that it was weird for WebAuthN to support CBOR (as it's available in all browsers) but not expose that CBOR in the official spec.


WebAuthN isn’t part of the language, it’s part of HTML. Have you asked that specification?

While WebAuthN isn't part of the language, I just liked this CBOR. But it could be pratically almost the same as, but a bit more shorter than:


(That's how a key-to-value map looks like in CBOR, except it's binary.)

CBOR has all the same limitations as JSON (e.g., no parent-child uplinking-downlinking), but it loses human readability and gains a little size advantage. It would probably see use as a replacement for JSON if the HTML and JS standards cooperated to make it happen.

Personally, I would love to see a format spec (binary or human readable, but I prefer human readable) for storing / loading nonserializable JavaScript object states. It's one of JavaScript's greatest weaknesses: Loading most useful structures into memory requires extravagant CPU cycles, not just copying to RAM. CBOR doesn't address that problem, unfortunately.

1 Like