Re: Attestation changes (was RE: [webauthn] new commits pushed by rlin1) from Rolf Lindemann on 2016-09-14 (public-webauthn@w3.org from September 2016)

From: Rolf Lindemann <rlindemann@noknok.com>
Date: Wed, 14 Sep 2016 18:48:03 +0200
To: Vijay Bharadwaj <vijaybh@microsoft.com>
Cc: "public-webauthn@w3.org" <public-webauthn@w3.org>
Message-ID: <CA+rhY9a613zY9HenzdsC1tTdNw8aTUF5vmvqqhYa50RPxz10Vw@mail.gmail.com>

Hi Vijay,

I am open to further name changes.
The main reasons to add Android "N" were:
a) I think we should remove SafetyNet attestation as this attests to the
platform, but not to the authenticator.
b) Android "N" is in some sense the opposite of TPM attestation since the
level2Data is controlled by the Client and not by the Authenticator.  I
have done it in the same way as we did for the latest UAF version - with
support from the experts.

I am fine with merging it into your vgb-modular-attestation branch, I think
we want it in one branch.  Didn't want to do it without your involvement
though.

Kind regards,
   Rolf

On Wed, Sep 14, 2016 at 6:34 PM, Vijay Bharadwaj <vijaybh@microsoft.com>
wrote:

> Thanks very much for doing this, Rolf. I hadn't been able to finish this
> up yet unfortunately.
>
> I was looking at the diffs (https://github.com/w3c/
> webauthn/compare/vgb-modular-attestation...rolf-modular-
> attestation-changes) and I agree with a lot of the changes, and I think
> they make for a more consistent description of attestation overall.
>
> Two things I think we could discuss:
> 1. Naming - I feel like level1Data and level2Data are perhaps not
> sufficiently evocative. How do you feel about authenticatorData and
> attestedData? The former would be defined as things about the authenticator
> that might be said by anyone, and the latter is things that the
> authenticator (or its crypto kernel) actually attested to.
> 2. You added Android N attestation. Thanks for doing this - it fixes #103
> and #128, and it also provides a nice test case for adding new attestation
> types in the new structure. However, I am far from an expert on Android N,
> so perhaps someone who knows more about that could double-check the section
> for technical accuracy?
>
> Regarding logistics, would you be okay if I pull this into my attestation
> branch, then submit the whole merged thing as one unit once we've signed
> off as a group?
>
> -----Original Message-----
> From: Rolf Lindemann via GitHub [mailto:sysbot+gh@w3.org]
> Sent: Wednesday, September 14, 2016 6:55 AM
> To: public-webauthn@w3.org
> Subject: [webauthn] new commits pushed by rlin1
>
>
> The following commits were just pushed by rlin1 to
> https://github.com/w3c/webauthn:
>
> * more notes added
>   by rlin1
> https://github.com/w3c/webauthn/commit/7c1c58000eff2de718a01686292c0f
> 1807de1cd8
>
> * merged
>   by rlin1
> https://github.com/w3c/webauthn/commit/72a6e293ceff9fc8b23ea71ef068b6
> 4a1ec3c16a
>
>


-- 

*Rolf* *Lindemann*
Senior Director, Products and Technology
D  / rlindemann@noknok.com

*Nok Nok Labs Inc.*
2100 Geng Road, Suite 105
Palo Alto, CA 94303
T +1 650 433 1300
info@noknok.com

*www.noknok.com* <http://www.noknok.com>




<http://www.linkedin.com/company/nok-nok-labs>
<http://www.twitter.com/noknoklabs>
<https://plus.google.com/108217184383559859585>
<http://www.facebook.com/NokNokLabs>

Received on Wednesday, 14 September 2016 16:48:34 UTC