Re: [webauthn] TPM Attestation Statement Format: Missing COSE Key algorithm Identifier and clarification. from Mike Jones via GitHub on 2017-11-15 (public-webauthn@w3.org from November 2017)

From: Mike Jones via GitHub <sysbot+gh@w3.org>
Date: Wed, 15 Nov 2017 09:42:26 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-344538936-1510738944-sysbot+gh@w3.org>

The corresponding validation procedure currently includes:
Verify that `extraData` is set to |attToBeSigned|.

Should this be changed to:
Verify that `extraData` is set to the hash of |attToBeSigned| using the hash algorithm employed in "alg".

It seems like this would be required to be consistent with the signing procedure.




-- 
GitHub Notification of comment by selfissued
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/689#issuecomment-344538936 using your GitHub account

Received on Wednesday, 15 November 2017 09:42:28 UTC