From 14ac3748530b84d58e8129d23b33dea309118f9e Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Wed, 25 Jun 2025 19:33:26 +0200
Subject: [PATCH 1/3] Fix section references for ECDSA

---
 spec/Overview.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec/Overview.html b/spec/Overview.html
index d8f02ff..889119b 100644
--- a/spec/Overview.html
+++ b/spec/Overview.html
@@ -7135,7 +7135,7 @@ <h5>Sign</h5>
                       <li>
                         <p>
                           Perform the ECDSA signing process, as specified in [[RFC6090]],
-                          Section 5.4, with |M| as the message, using |params| as the
+                          Section 5.4.2, with |M| as the message, using |params| as the
                           EC domain parameters, and with |d| as the private key.
                         </p>
                       </li>
@@ -7236,7 +7236,7 @@ <h5>Verify</h5>
                   </dt>
                   <dd>
                     <p>
-                      Perform the ECDSA verifying process, as specified in [[RFC6090]], Section 5.3, with |M| as the received
+                      Perform the ECDSA verifying process, as specified in [[RFC6090]], Section 5.4.3, with |M| as the received
                       message, |signature| as the received signature and using
                       |params| as the EC domain parameters, and
                       |Q| as the public key.

From 8deea685ed8a44e163e14c2534736cf906768e6a Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Wed, 25 Jun 2025 19:51:11 +0200
Subject: [PATCH 2/3] Specify the signature encoding in ECDSA verification

---
 spec/Overview.html | 48 ++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 42 insertions(+), 6 deletions(-)

diff --git a/spec/Overview.html b/spec/Overview.html
index 889119b..6b58909 100644
--- a/spec/Overview.html
+++ b/spec/Overview.html
@@ -633,6 +633,13 @@ <h2>Terminology</h2>
           then return the [= byte sequence =] formed by considering each consecutive
           sequence of 8 bits in that bit sequence as a byte.
         </p>
+        <p>
+          To <dfn id="dfn-convert-byte-sequence-to-integer">convert a byte sequence
+          to a non-negative integer</dfn>,
+          interpret the byte sequence as a big-endian non-negative integer
+          (most significant bit first),
+          and return that integer.
+        </p>
         <p>
           Comparing two strings in a <dfn id="case-sensitive">case-sensitive</dfn>
           manner means comparing them exactly, code point for code point.
@@ -7235,12 +7242,41 @@ <h5>Verify</h5>
                     |key| is "`P-256`", "`P-384`" or "`P-521`":
                   </dt>
                   <dd>
-                    <p>
-                      Perform the ECDSA verifying process, as specified in [[RFC6090]], Section 5.4.3, with |M| as the received
-                      message, |signature| as the received signature and using
-                      |params| as the EC domain parameters, and
-                      |Q| as the public key.
-                    </p>
+                    <ol>
+                      <li>
+                        <p>
+                          Let |n| be the smallest integer such that |n| * 8 is greater than
+                          the logarithm to base 2 of the order of the base point of the elliptic curve identified
+                          by |params|.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          If |signature| does not have a [= byte sequence/length =] of |n| * 2 bytes,
+                          then return false.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          Let |r| be the result of
+                          <a href="#dfn-convert-byte-sequence-to-integer">converting the first |n| bytes of |signature| to an integer</a>.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          Let |s| be the result of
+                          <a href="#dfn-convert-byte-sequence-to-integer">converting the last |n| bytes of |signature| to an integer</a>.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          Perform the ECDSA verifying process, as specified in [[RFC6090]], Section 5.4.3, with |M| as the received
+                          message, (|r|, |s|) as the signature and using
+                          |params| as the EC domain parameters, and
+                          |Q| as the public key.
+                        </p>
+                      </li>
+                    </ol>
                   </dd>
                   <dt>
                     Otherwise, the {{EcKeyAlgorithm/namedCurve}} attribute

From bb8d07c9fb093938507e2f248088eee5e21c5753 Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Wed, 25 Jun 2025 19:53:18 +0200
Subject: [PATCH 3/3] Simplify wording of function to convert an integer to a
 byte sequence

---
 spec/Overview.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/spec/Overview.html b/spec/Overview.html
index 6b58909..981c442 100644
--- a/spec/Overview.html
+++ b/spec/Overview.html
@@ -625,10 +625,10 @@ <h2>Terminology</h2>
           and then considering each consecutive sequence of 8 bits in that string as a byte.
         </p>
         <p>
-          When this specification says to <dfn id="dfn-convert-integer-to-byte-sequence">convert a non-negative
+          To <dfn id="dfn-convert-integer-to-byte-sequence">convert a non-negative
           integer |i| to a byte sequence of length |n|</dfn>, where |n| * 8
-          is greater than the logarithm to base 2 of |i|, the user agent must
-          first calculate the binary representation of |i|, most significant bit first,
+          is greater than the logarithm to base 2 of |i|,
+          calculate the binary representation of |i|, most significant bit first,
           prefix this with sufficient zero bits to form a bit sequence of length |n| * 8, and
           then return the [= byte sequence =] formed by considering each consecutive
           sequence of 8 bits in that bit sequence as a byte.