[webauthn] Make U2F Attestation Format "sig" more precise from J.C. Jones via GitHub on 2017-08-09 (public-webauthn@w3.org from August 2017)

From: J.C. Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 09 Aug 2017 18:12:07 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-249115944-1502302325-sysbot+gh@w3.org>

jcjones has just created a new issue for https://github.com/w3c/webauthn:

== Make U2F Attestation Format "sig" more precise ==
[Section 7.6](https://w3c.github.io/webauthn/#fido-u2f-attestation) defines the syntax of the **sig** field for the U2F Attestation Format as "The attestation signature." The Firefox [implementation chose (incorrectly)](https://bugzilla.mozilla.org/show_bug.cgi?id=1387820) to use the whole U2F signature response, including counter and flags, rather than the bare signature.

It would be good to adjust the language to something akin to "**sig**: The attestation signature alone, without protocol flags or counters."

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/530 using your GitHub account

Received on Wednesday, 9 August 2017 18:12:10 UTC