jyasskin has just created a new issue for https://github.com/w3c/webauthn: == Add acceptable trust anchors to AuthenticatorSelectionCriteria == In order to accept a created credential, Relying Parties are told in [Registering a new credential](https://w3c.github.io/webauthn/#registering-a-new-credential) to: > 12. Assess the attestation trustworthiness using the outputs of the verification procedure in step 10, as follows: > * If self-attestation was used, check if self-attestation is acceptable under Relying Party policy. > * If ECDAA was used, verify that the identifier of the ECDAA-Issuer public key used is included in the set of acceptable trust anchors obtained in step 11. > * Otherwise, use the X.509 certificates returned by the verification procedure to verify that the attestation public key correctly chains up to an acceptable root certificate. However, without an addition to the [AuthenticatorSelectionCriteria](https://w3c.github.io/webauthn/#authenticatorSelection), the user can't get any indication from their Client about which authenticators will be attested by an acceptable trust anchor. @gmandyam's issues #445, #446, and #447 all depend on this, since the RP can't trust any of those protection claims without a trusted attestation. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/461 using your GitHub accountReceived on Thursday, 11 May 2017 19:31:45 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:38:21 UTC