in S 6.4 "Android Key Attestation Format" {#android-key-attestation} (master branch commit 1eebeed), there is this bullet item in the "Verification procedure" subsection.. * Verify that the public key in the attestation certificate matches the credential public key in the attestation data field of the given authenticatorData. ..which implies (to me) that Android Key Attestation is "Self Attestation" (because the the attested public key is the same as the cred public key, which implies the attestation sig was done using the cred private key) Is this correct, i.e., Android Key Attestation is "Self Attestation" ? thanks, =JeffH
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC