- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Tue, 14 Nov 2017 17:18:16 +0000
- To: public-webauthn@w3.org
akshayku has just created a new issue for https://github.com/w3c/webauthn: == TPM Attestation Statement Format: Missing COSE Key algorithm Identifier and clarification. == Many TPM attestations implementations ONLY supports RSASSA-PKCS1-v1_5 w/SHA1 and there is no COSE algorithm identifier defined currently. Here is the proposed addition to list of COSE algorithms. - Name: RS1 - Value: -262 (This is the next value in this section.) - Description: RSASSA-PKCS1-v1_5 w/ SHA1. Applicable to some current implementations of TPM 2.0 attestation signatures. - Reference: Section 8.2 of [RFC8017] - Recommended: No Clarification to attToBeSigned in https://w3c.github.io/webauthn/#tpm-attestation Existing sentence: - Generate a signature using the procedure specified in [TPMv2-Part3] Section 18.2, using the attestation private key and setting the `qualifyingData` parameter to attToBeSigned. This qualifyingData is also called extraData in the TPM Spec where it is has the following definition: - extraData : TPM2B_DATA external information supplied by caller. NOTE A TPM2B_DATA structure **provides room for a digest** and a method indicator to indicate the components of the digest. The definition of this method indicator is outside the scope of this specification. Proposed change: - Generate a signature using the procedure specified in [TPMv2-Part3] Section 18.2, using the attestation private key and setting the **extraData parameter to the digest of the attToBeSigned using the hash algorithm corresponding to the “alg” signature algorithm. For RS256 this would be a SHA256 digest.** Please view or discuss this issue at https://github.com/w3c/webauthn/issues/689 using your GitHub account
Received on Tuesday, 14 November 2017 17:18:22 UTC