
Re: [webauthn] Make packed attestation format Privacy CA-friendly

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Oct 2017 03:47:05 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-334351007-1507175211-sysbot+gh@w3.org>

I agree, and we also want all the current security assurances from the new scheme (like being able to tie together the RPID with the credential in the signature).

We need to see the @leshi / @balfanz / @christiaanbrand proposal quickly on this.

If I understand it correctly, @balfanz is saying something like this:

-------------------------------------
Current Attestation Format:
alg: COSE Algorithm Identifier
Sig: SIGNATURE(Attestation Key, alg, authenticatorData || ClientDataHash)
X5C: Attestation Key Cert Chain

-------------------------------------
Proposed Attestation Format:
alg1: COSE Algorithm Identifier
Sig1: SIGNATURE (Created Credential Key, alg1, authenticatorData || ClientDataHash)
alg2: COSE Algorithm Identifier
Sig2: SIGNATURE (Attestation Key, alg2, Created Credential Public Key in COSE KEY Format)
X5C: Attestation Key Cert Chain

In the case of a Privacy CA, "Attestation Key" is replaced with "Privacy CA Key".

-------------------------------------


-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/584#issuecomment-334351007 using your GitHub account
Received on Thursday, 5 October 2017 03:46:54 UTC
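
Added example, not part of the original message and not code from the WebAuthn specification or any implementation: a relying-party check for the proposed two-signature layout, showing that the RP ID is bound to the credential only through Sig1 while the attestation (or Privacy CA) key vouches only for the credential key through Sig2. Assumptions: ECDSA P-256 with SHA-256 stands in for alg1 and alg2, SPKI DER bytes stand in for the COSE key encoding, the X5C chain check is left out, and all function names and sample values are constructed.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: ECDSA P-256 with SHA-256 stands in for both alg1 and alg2.
const newKeyPair = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
// Assumption: SPKI DER bytes stand in for the COSE key encoding.
const encodeKey = (publicKey) => publicKey.export({ type: 'spki', format: 'der' });
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Constructed, abbreviated authenticatorData: rpIdHash || flags || counter.
const authData = (rpId) => Buffer.concat([sha256(rpId), Buffer.from([0x41, 0, 0, 0, 1])]);

// Authenticator side: produce Sig1 and Sig2 as laid out in the proposal.
function makeStatement(attestationKey, credentialKey, authenticatorData, clientDataHash) {
  const credentialPublicKey = encodeKey(credentialKey.publicKey);
  const signed1 = Buffer.concat([authenticatorData, clientDataHash]);
  return {
    credentialPublicKey,
    sig1: nodeCrypto.sign('sha256', signed1, credentialKey.privateKey),
    sig2: nodeCrypto.sign('sha256', credentialPublicKey, attestationKey.privateKey),
  };
}

// Relying-party side: the attestation key vouches for the credential key
// (Sig2), and the credential key vouches for this RP ID and client data (Sig1).
function verifyStatement(stmt, attestationPublicKey, authenticatorData, clientDataHash) {
  const credentialKey = nodeCrypto.createPublicKey({
    key: stmt.credentialPublicKey, format: 'der', type: 'spki',
  });
  const signed1 = Buffer.concat([authenticatorData, clientDataHash]);
  const sig1Ok = nodeCrypto.verify('sha256', signed1, credentialKey, stmt.sig1);
  const sig2Ok = nodeCrypto.verify('sha256', stmt.credentialPublicKey, attestationPublicKey, stmt.sig2);
  return { sig1Ok, sig2Ok, ok: sig1Ok && sig2Ok };
}

// Constructed sample run; returns the three verification outcomes.
function demo() {
  const attestationKey = newKeyPair();
  const credentialKey = newKeyPair();
  const clientDataHash = sha256('{"challenge":"constructed-sample"}');
  const stmt = makeStatement(attestationKey, credentialKey, authData('example.org'), clientDataHash);
  const check = (s, rpId) => verifyStatement(s, attestationKey.publicKey, authData(rpId), clientDataHash);
  // A credential key the attestation key never signed, reusing the old Sig2.
  const other = makeStatement(attestationKey, newKeyPair(), authData('example.org'), clientDataHash);
  const swapped = { ...other, sig2: stmt.sig2 };
  return { valid: check(stmt, 'example.org'), wrongRp: check(stmt, 'example.net'), swapped: check(swapped, 'example.org') };
}
```

In the run, a changed RP ID fails only Sig1 and a substituted credential key fails only Sig2, so a verifier that skips either check loses one of the two bindings.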
