- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Thu, 05 Oct 2017 03:47:05 +0000
- To: public-webauthn@w3.org
I agree and we want all the current security assurances from the new scheme also (like able to tie together RPID with the credential in the signature.) We need to see @leshi / @balfanz / @christiaanbrand proposal quickly on this. If I understand it correctly, @balfanz is saying something like this ------------------------------------- Current Attestation Format: alg: COSE Algorithm Identifier Sig: SIGNATURE(Attestation Key, alg, authenticatorData || ClientDataHash) X5C: Attestation Key Cert Chain ------------------------------------- Proposed Attestation Format: alg1: COSE Algorithm Identifier Sig1: SIGNATURE (Created Credential Key, alg1, authenticatorData || ClientDataHash) alg2: COSE Algorithm Identifier Sig2: SIGNATURE (Attestation Key, alg2, Created Credential Public Key in COSE KEY Format) X5C: Attestation Key Cert Chain In case of privacy CA, "Attestation Key" is replaced with "Privacy CA Key" ------------------------------------- -- GitHub Notification of comment by akshayku Please view or discuss this issue at https://github.com/w3c/webauthn/issues/584#issuecomment-334351007 using your GitHub account
Received on Thursday, 5 October 2017 03:46:54 UTC