Re: [webauthn] FIDO U2F Attestation Statement Format doesn't say what to do with AAGUID

It could, plausibly, be defined as the truncated SHA-256 hash of the raw X.509 Subject field of the certificate. (I.e. including the SEQUENCE header so that it's a valid X.509 `Name` structure.)

However, at least some U2F devices have unique serial numbers in them, suggesting that either some complex normalisation needs to be defined, or perhaps that the hash of the Issuer could be used instead.

-- 
GitHub Notification of comment by agl
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/506#issuecomment-315849025 using your GitHub account

Received on Monday, 17 July 2017 18:58:54 UTC
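
The two candidates discussed in the message above, as an added example that is not part of the original comment or of the WebAuthn specification: it hashes the raw DER Subject and the raw DER Issuer of a constructed attestation certificate. The 16-byte truncation length, the certificate names and the device serials are assumptions made for illustration; the message only says "truncated".

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// truncatedNameHash: SHA-256 of a raw DER Name, cut to 16 bytes (assumed length).
func truncatedNameHash(rawName []byte) (out [16]byte) {
	sum := sha256.Sum256(rawName)
	copy(out[:], sum[:])
	return out
}

// candidateIDs builds a constructed certificate whose Subject embeds a device
// serial (one key signs and is certified), then hashes raw Subject and Issuer.
func candidateIDs(deviceSerial string) (subject, issuer [16]byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "Example U2F Attestation CA"}}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Example U2F Token", SerialNumber: deviceSerial},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, leaf, ca, &key.PublicKey, key)
	if err != nil {
		return
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return
	}
	return truncatedNameHash(cert.RawSubject), truncatedNameHash(cert.RawIssuer), nil
}

func main() {
	s, i, err := candidateIDs("0001")
	fmt.Printf("subject=%x issuer=%x err=%v\n", s, i, err)
}
```

Two certificates that differ only in the Subject's serial number yield different Subject hashes but the same Issuer hash, which is the trade-off the message describes.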