At time of writing, only certain key types are permitted: 2048-bit RSA keys and Ed25519. The protocol is expensible to any other public key algorithm.
Despite the large key size, RSA is the only widely-trusted asymmetric key algorithm available in the WebCrypto API.
Curve 25519 keys with signatures on the Twisted Edwards curve, also known as Ed25519 or EdDSA. Ed25519 was chosen for many reasons, not least of which being reasonably good performance and high security relative to its length (i.e. much better than RSA).
[...] concretely Curve25519 works with keys consisting of about 256 bits, while an equivalent RSA instantiation would need key sizes of 3072 bits long.
Source
Elliptic curve cryptography is by no means perfectly secure. It can be defeated if the verifier does not verify that the public key falls on the correct curve. As such, please verify that the signature that comes in a payload is indeed on the specified curve.