W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2017

[webauthn] Make U2F Attestation Format "sig" more precise

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 09 Aug 2017 18:12:07 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-249115944-1502302325-sysbot+gh@w3.org>
jcjones has just created a new issue for https://github.com/w3c/webauthn:

== Make U2F Attestation Format "sig" more precise ==
[Section 7.6](https://w3c.github.io/webauthn/#fido-u2f-attestation) defines the syntax of the **sig** field for the U2F Attestation Format as "The attestation signature." The Firefox [implementation chose (incorrectly)](https://bugzilla.mozilla.org/show_bug.cgi?id=1387820) to use the whole U2F signature response, including counter and flags, rather than the bare signature.

It would be good to adjust the language to something akin to "**sig**: The attestation signature alone, without protocol flags or counters."

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/530 using your GitHub account
Received on Wednesday, 9 August 2017 18:12:10 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:26 UTC