W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2017

Re: [webauthn] FIDO U2F Attestation Statement Format doesn't say what to do with AAGUID

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Mon, 17 Jul 2017 18:58:48 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-315849025-1500317926-sysbot+gh@w3.org>
It could, plausibly, be defined as the truncated, SHA-256 hash of the raw, X.509 Subject field of the certificate. (I.e. including the SEQUENCE header so that it's a valid X.509 `Name` structure.)

However, at least some U2F devices have unique serial numbers in them, suggesting that either some complex normalisation needs to be defined, or perhaps that the hash of the Issuer could be used instead.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/506#issuecomment-315849025 using your GitHub account
Received on Monday, 17 July 2017 18:58:54 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:26 UTC