[webauthn] Justify differences in TPM Attestation Verification procedures in WebAuthn versus TCG specifications

gmandyam has just created a new issue for https://github.com/w3c/webauthn:

== Justify differences in TPM Attestation Verification procedures in WebAuthn versus TCG specifications ==
As per reference [TPMv2-Part1], Section 31.2, a 'Standard Attestation Structure' is defined. Several of the defined fields are not reflected in verification procedures (e.g. QualifiedSigner, clockInfo, firmwareVersion) in Sec. 7.3 of WebAuthn (WD-04). The text should at least highlight why a verifier can ignore these fields, and whether an attestation without these fields should be considered invalid.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/372 using your GitHub account

Received on Tuesday, 7 March 2017 00:46:25 UTC
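
Added example, not part of the issue or of either specification: a decoder for the TPM 2.0 attestation structure (TPMS_ATTEST, certify type only) that surfaces the three fields the issue names, so a verifier can at least log or apply policy to them. The function names are hypothetical and the sample bytes are constructed.

```python
import struct

TPM_GENERATED_VALUE = 0xFF544347      # magic: 0xFF followed by "TCG"
TPM_ST_ATTEST_CERTIFY = 0x8017        # attestation type produced by TPM2_Certify

class Reader:
    """Bounds-checked big-endian cursor over the attestation bytes."""
    def __init__(self, buf):
        self.buf, self.pos = buf, 0
    def take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated TPMS_ATTEST")
        self.pos += n
        return self.buf[self.pos - n:self.pos]
    def uint(self, n):
        return int.from_bytes(self.take(n), "big")
    def tpm2b(self):                  # TPM2B_*: UINT16 size, then that many bytes
        return self.take(self.uint(2))

def parse_tpms_attest(blob):
    r = Reader(blob)
    a = {"magic": r.uint(4), "type": r.uint(2)}
    if a["magic"] != TPM_GENERATED_VALUE:
        raise ValueError("magic is not TPM_GENERATED_VALUE")
    a["qualifiedSigner"] = r.tpm2b()
    a["extraData"] = r.tpm2b()
    a["clockInfo"] = {"clock": r.uint(8), "resetCount": r.uint(4),
                      "restartCount": r.uint(4), "safe": r.uint(1)}
    a["firmwareVersion"] = r.uint(8)
    if a["type"] != TPM_ST_ATTEST_CERTIFY:
        raise ValueError("only TPM_ST_ATTEST_CERTIFY is decoded here")
    a["attested"] = {"name": r.tpm2b(), "qualifiedName": r.tpm2b()}
    if r.pos != len(blob):
        raise ValueError("trailing bytes after TPMS_ATTEST")
    return a

def fields_named_in_issue(a):
    """The three fields the issue says Sec. 7.3 does not mention."""
    return {k: a[k] for k in ("qualifiedSigner", "clockInfo", "firmwareVersion")}

def build_sample():
    """Constructed certify attestation; every value below is made up."""
    tpm2b = lambda b: struct.pack(">H", len(b)) + b
    name = b"\x00\x0b" + bytes(32)    # TPM_ALG_SHA256 id + placeholder digest
    return (struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_CERTIFY)
            + tpm2b(name) + tpm2b(b"\xaa" * 32)
            + struct.pack(">QIIB", 123456, 7, 2, 1)
            + struct.pack(">Q", 0x0001000200030004)
            + tpm2b(name) + tpm2b(name))
```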