Re: Attestation changes (was RE: [webauthn] new commits pushed by rlin1) from Rolf Lindemann on 2016-09-14 (public-webauthn@w3.org from September 2016)

From: Rolf Lindemann <rlindemann@noknok.com>
Date: Wed, 14 Sep 2016 18:49:31 +0200
To: Vijay Bharadwaj <vijaybh@microsoft.com>
Cc: "public-webauthn@w3.org" <public-webauthn@w3.org>
Message-ID: <CA+rhY9Yd1Hwci4Pyu2CeKMjLqDbhvLtpDv+eJZsf64aqK9KsmQ@mail.gmail.com>

One more thing: using a single level2Data structure for signature assertion
and attestation might need more explanation as the security posture might
be different (unrestricted keys, etc.).

On Wed, Sep 14, 2016 at 6:34 PM, Vijay Bharadwaj <vijaybh@microsoft.com>
wrote:

> Thanks very much for doing this, Rolf. I hadn't been able to finish this
> up yet unfortunately.
>
> I was looking at the diffs (https://github.com/w3c/
> webauthn/compare/vgb-modular-attestation...rolf-modular-
> attestation-changes) and I agree with a lot of the changes, and I think
> they make for a more consistent description of attestation overall.
>
> Two things I think we could discuss:
> 1. Naming - I feel like level1Data and level2Data are perhaps not
> sufficiently evocative. How do you feel about authenticatorData and
> attestedData? The former would be defined as things about the authenticator
> that might be said by anyone, and the latter is things that the
> authenticator (or its crypto kernel) actually attested to.
> 2. You added Android N attestation. Thanks for doing this - it fixes #103
> and #128, and it also provides a nice test case for adding new attestation
> types in the new structure. However, I am far from an expert on Android N,
> so perhaps someone who knows more about that could double-check the section
> for technical accuracy?
>
> Regarding logistics, would you be okay if I pull this into my attestation
> branch, then submit the whole merged thing as one unit once we've signed
> off as a group?
>
> -----Original Message-----
> From: Rolf Lindemann via GitHub [mailto:sysbot+gh@w3.org]
> Sent: Wednesday, September 14, 2016 6:55 AM
> To: public-webauthn@w3.org
> Subject: [webauthn] new commits pushed by rlin1
>
>
> The following commits were just pushed by rlin1 to
> https://github.com/w3c/webauthn:
>
> * more notes added
>   by rlin1
> https://github.com/w3c/webauthn/commit/7c1c58000eff2de718a01686292c0f
> 1807de1cd8
>
> * merged
>   by rlin1
> https://github.com/w3c/webauthn/commit/72a6e293ceff9fc8b23ea71ef068b6
> 4a1ec3c16a
>
>


-- 

*Rolf* *Lindemann*
Senior Director, Products and Technology
D  / rlindemann@noknok.com

*Nok Nok Labs Inc.*
2100 Geng Road, Suite 105
Palo Alto, CA 94303
T +1 650 433 1300
info@noknok.com

*www.noknok.com* <http://www.noknok.com>




<http://www.linkedin.com/company/nok-nok-labs>
<http://www.twitter.com/noknoklabs>
<https://plus.google.com/108217184383559859585>
<http://www.facebook.com/NokNokLabs>

Received on Wednesday, 14 September 2016 16:50:01 UTC