Re: [webauthn] Spec should not mandate behavior of server

For relevant points, see:
* [Section 4.3.1](http://w3c.github.io/webauthn/#attestation-models): Compliant servers MUST support all attestation models. Authenticators can choose what attestation model to implement.
* [Section 4.3.2.1.2](http://w3c.github.io/webauthn/#packed-attestation-signature): The signature is computed over the rawData field. The following algorithms must be implemented by servers:
* [Section 6.5](http://w3c.github.io/webauthn/#uvi-extension): Servers supporting UVI extensions MUST support a length of up to 32 bytes for the UVI value.
* [Section 4.3.3](http://w3c.github.io/webauthn/#verifying-an-attestation-statement): Upon receiving an attestation statement, the WebAuthn Relying Party shall:

Like attestation statements and signature formats, this sort of 
information is useful to those that are trying to use the APIs. 
Suggesting broad adoption of some set of crypto / attestation formats 
is important to make sure implementations are broadly interoperable. 
Also, Section 4.3.3 is generally important to make sure that a server 
is doing its appropriate security diligence.

-- 
GitHub Notification of comment by apowers313
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/88#issuecomment-218187905 using your GitHub account

Received on Tuesday, 10 May 2016 15:09:03 UTC