[w3c/webauthn] 85db88: Clean up attestation, abstract it from UA, fix TPM...

  Branch: refs/heads/master
  Home:   https://github.com/w3c/webauthn
  Commit: 85db884771c13f7c540db3a58b925cfb73695cac
      https://github.com/w3c/webauthn/commit/85db884771c13f7c540db3a58b925cfb73695cac
  Author: Vijay Bharadwaj <vijaybh@users.noreply.github.com>
  Date:   2017-02-13 (Mon, 13 Feb 2017)

  Changed paths:
    A images/fido-attestation-structures.svg
    M index.bs

  Log Message:
  -----------
  Clean up attestation, abstract it from UA, fix TPM format, add U2F format (#321)

* Add markup to eliminate bikeshed warnings

* Client sends RP ID, not its hash, to authenticators

Fixes #188

* Make attestation opaque to client

Puts all attestation info into a CBOR object which is opaque to client
and only parsed by RP. Fixes #244.

This also lays some of the groundwork for adding a U2F attestation
format.

I will clean up the TPM attestation section in a separate commit.

* Specify that clientDataJSON does not need to be canonicalized

Fixes #274

* Many attestation and signature cleanups

Refactor the attestation section to clean up exposition. Separated out
signature verification (per format) from trust chaining (done at higher
layer).

Created a separate section for specifying key RP operations. Fixes #88.

RP registration section defines binding of credentials to user accounts.
Fixes #13.

RP registration section also defines options in case of registering the
same credential to different users. Fixes #12.

Cleans up and completes defining the process for verifying assertions,
which had already been largely done by @rlin1. Fixes #102.

Completes drawing the distinction between assertion and attestation
certificates. Fixes #118.

Replace "client platform" with "client" in signature format section to
avoid confusion. Fixes #209.

* Fix up TPM attestation format

Removed the TPM 1.2 parts.

Rounded out the section. Fixes #226.

Also clarified what certifyInfo contains. Fixes #242.

* added missing reference FIDO-APPID

* Proofreading fixes, finish attestation cleanup

Fixed small wording and markdown issues. This completes the changes to
make attestation opaque to UAs, which fixes #286, fixes #287, and fixes
#289. It also fixes #239 by removing the homegrown algorithm identifiers
and specifying the algorithm explicitly in attestation data using JWK
identifiers. It also fixes #240 by encoding keys in CBOR which specifies
lengths of fields.

* Add U2F attestation format

Fixes #214

* Add reference for U2F message formats

* lex

* Implement Rolf's naming suggestions

Clearly differentiate attestation statements and attestation objects.

* Rename attestationStatement back to just attestation

This is now the only use of "attestation" so we might as well save bytes
in the authenticator.

* Tweak wording and naming of CBOR fields

* Editorial tweaks for wording consistency

* first draft of attestation structure figure added

* added attestation data to attstn structs diagram

* moved structures names to avoid confusion

* resized attstn structs figure, added fig to section #cred-attestation

* Fix bikeshed linking error

* Editorial revisions

Thanks to @equalsJeffH for the detailed review.

Remaining items: Refactor signature format section, possibly rename
fields for brevity, add CDDL/ABNF, fix U2F attestation issues.

* Fix interface/member confusion

Thanks to @equalsJeffH for spotting this.

* Fix linking error

* Clean up exposition

Separate out verification of assertion and attestation signatures,
removing redundant steps. Broke up signature format sectiona and moved
the pieces to the appropriate places.

* Use CDDL to define attestation and extension structures

Fixes #318

* fix CDDL marker for packed attestation

* Clean up attestation CDDL

Consistent naming across types, stricter specification.

Fixes #332 by removing the bad text.

Received on Monday, 13 February 2017 23:47:32 UTC