Re: [webauthn] build on Adding a choice for RP to express preferences for attestation types from Rolf Lindemann via GitHub on 2017-11-22 (public-webauthn@w3.org from November 2017)

From: Rolf Lindemann via GitHub <sysbot+gh@w3.org>
Date: Wed, 22 Nov 2017 11:53:18 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-346328826-1511351597-sysbot+gh@w3.org>

>b) Re: 'indirect'. "There is no guarantee that the Relying Party will obtain a verifiable attestation statement in this case." I take this to mean that it is possible for the RP to receive a verifiable attestation when "indirect" is selected. What does a verifiable attestation statement look like in this case? Would it conform to one of the pre-registered attestation formats? Or it is yet to be defined?

It needs to be one of the already defined attestation formats since the specification of AuthenticatorAttestationResponse and all related details haven't changed.

-- 
GitHub Notification of comment by rlin1
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/693#issuecomment-346328826 using your GitHub account

Received on Wednesday, 22 November 2017 11:53:23 UTC