W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2016

Re: Android Key Attestation is "Self Attestation" ?

From: Hodges, Jeff <jeff.hodges@paypal.com>
Date: Sat, 5 Nov 2016 01:11:36 +0000
To: Vijay Bharadwaj <vijaybh@microsoft.com>
CC: W3C WebAuthn WG <public-webauthn@w3.org>
Message-ID: <D4427F5E.DABD3%jehodges@paypalcorp.com>
On 10/26/16, 11:00 AM, "Vijay Bharadwaj" <vijaybh@microsoft.com> wrote:
>No, sorry, that text is confusing.
>AIUI the Android Key Attestation signature is itself in the form of an
>X.509 certificate. This certificate contains the credential public key
>and is signed by the attesting key. This public key (the one inside the
>signature-which-looks-like-a-certificate) is what's being talked about

ok, thanks, plus our link to 'Android Key Attestation' is stale. what i


..et al seems to work as you describe above.

Received on Saturday, 5 November 2016 01:12:10 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC