
Re: [webauthn] Make packed attestation format Privacy CA-friendly

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Thu, 05 Oct 2017 03:47:05 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-334351007-1507175211-sysbot+gh@w3.org>

I agree, and we also want all the current security assurances from the new scheme (like being able to tie together the RPID with the credential in the signature).

We need to see the @leshi / @balfanz / @christiaanbrand proposal quickly on this.

If I understand it correctly, @balfanz is saying something like this:

Current Attestation Format:
alg: COSE Algorithm Identifier
Sig: SIGNATURE(Attestation Key, alg, authenticatorData || ClientDataHash)
X5C: Attestation Key Cert Chain

Proposed Attestation Format:
alg1: COSE Algorithm Identifier
Sig1: SIGNATURE (Created Credential Key, alg1, authenticatorData || ClientDataHash)
alg2: COSE Algorithm Identifier
Sig2: SIGNATURE (Attestation Key, alg2, Created Credential Public Key in COSE KEY Format)
X5C: Attestation Key Cert Chain

In the case of a Privacy CA, "Attestation Key" is replaced with "Privacy CA Key".


GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/584#issuecomment-334351007 using your GitHub account
Received on Thursday, 5 October 2017 03:46:54 UTC
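
The two-signature layout summarized in the message above, sketched as an added example; it is not code from the WebAuthn specification or from the thread's participants. It assumes ES256 for both alg1 and alg2, uses DER SubjectPublicKeyInfo bytes in place of the COSE key encoding, and omits CBOR and X5C chain validation; all function and type names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Statement holds the two signatures of the proposed format (alg1 = alg2 = ES256 here).
type Statement struct{ Sig1, Sig2 []byte }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// keyBytes stands in for the COSE key encoding (assumption: DER SubjectPublicKeyInfo).
func keyBytes(pub *ecdsa.PublicKey) []byte { return must(x509.MarshalPKIXPublicKey(pub)) }

func sign(k *ecdsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	return must(ecdsa.SignASN1(rand.Reader, k, h[:]))
}

// Attest: Sig1 = credential key over signed (authenticatorData || ClientDataHash); Sig2 = att over the credential public key.
func Attest(cred, att *ecdsa.PrivateKey, signed []byte) Statement {
	return Statement{sign(cred, signed), sign(att, keyBytes(&cred.PublicKey))}
}

// Verify is the relying-party check: Sig2 chains credPub to the trusted key, Sig1 binds the request data.
func Verify(s Statement, credPub, trusted *ecdsa.PublicKey, signed []byte) bool {
	k, m := sha256.Sum256(keyBytes(credPub)), sha256.Sum256(signed)
	return ecdsa.VerifyASN1(trusted, k[:], s.Sig2) && ecdsa.VerifyASN1(credPub, m[:], s.Sig1)
}

func main() {
	cred, att, ca := NewKey(), NewKey(), NewKey()
	signed := []byte("constructed authenticatorData || ClientDataHash")
	s := Attest(cred, att, signed)
	fmt.Println("attestation key:", Verify(s, &cred.PublicKey, &att.PublicKey, signed))
	s.Sig2 = sign(ca, keyBytes(&cred.PublicKey)) // Privacy CA key replaces the attestation key; Sig1 is untouched
	fmt.Println("privacy CA key:", Verify(s, &cred.PublicKey, &ca.PublicKey, signed))
}
```

In this layout only Sig2 changes when a Privacy CA is involved, while the binding of authenticatorData (and with it the RP ID hash) to the credential stays in Sig1.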
