RE: Simplifying Android attestation

Thanks Alexei, I have updated the PR with the Android simplifications, so it is now in sync with the diff that Jeff sent.

I will make some more small changes based on Jeff’s feedback on the PR (he asked for some clarifications in wording) and if there are no objections I will merge in the result tomorrow after the conf call.

Rolf, please let me know if that is okay with you or you would like more time to review.

From: Alexei Czeskis [mailto:aczeskis@google.com]
Sent: Tuesday, May 03, 2016 3:00 PM
To: Vijay Bharadwaj <vijaybh@microsoft.com>
Cc: public-webauthn@w3.org
Subject: Re: Simplifying Android attestation

This looks great to me based on the diff that Jeff sent.


Thanks!
-Alexei


________________

 . Alexei Czeskis .:. Securineer .:. 317.698.4740 .

On Mon, May 2, 2016 at 10:37 PM, Vijay Bharadwaj <vijaybh@microsoft.com<mailto:vijaybh@microsoft.com>> wrote:
On the PR for issue #1, JeffH asked why I was declaring the attestation statement as type any in the top-level IDL. This is an excellent question, and befits a more detailed response than I could give on the PR discussion thread.

As I mentioned in my response, I am wondering if we could eliminate a bunch of client-side processing that consists simply of bit-fiddling the Android attestation to get it into a “pretty” format. To give people a more concrete idea of what I mean, I have attached a version of the “merged” spec (i.e. incorporating the PR changes for both #1 and #61) that eliminates this bit-fiddling. I’d be happy to add this to the PR for #1 if people think it’s better than what we have now.

Note that all the differences are in section 4.4.

Thanks,

--
-Vijay