Re: [webauthn] FIDO U2F Attestation Statement Format doesn't say what to do with AAGUID from Adam Langley via GitHub on 2017-07-17 (public-webauthn@w3.org from July 2017)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Mon, 17 Jul 2017 18:58:48 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-315849025-1500317926-sysbot+gh@w3.org>

It could, plausibly, be defined as the truncated, SHA-256 hash of the raw, X.509 Subject field of the certificate. (I.e. including the SEQUENCE header so that it's a valid X.509 `Name` structure.)

However, at least some U2F devices have unique serial numbers in them, suggesting that either some complex normalisation needs to be defined, or perhaps that the hash of the Issuer could be used instead.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/506#issuecomment-315849025 using your GitHub account

Received on Monday, 17 July 2017 18:58:54 UTC