- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Fri, 15 Jun 2018 17:15:03 +0000
- To: public-webauthn@w3.org
Yeah, it seems like where to get the root certs is intentionally left out except for the mention of the FIDO MDS. >In the SafetyNet Attestation API docs there is a section entitled Verify the compatibility check response that says to check the signature of the JWS... maybe a pointer to that is what is needed? Thanks, that seems like a good solution to me! >It's still not clear to me how to correlate the `ver` with the `response` to make sure the response is right. It's not like there's a `version` member inside the response payload I'm guessing the purpose of the `ver` response field is for selecting a verification algorithm, rather than something to compare the `response` against. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/950#issuecomment-397686538 using your GitHub account
Received on Friday, 15 June 2018 17:15:07 UTC