I agree and we want all the current security assurances from the new scheme also (like being able to tie together RPID with the credential in the signature). We need to see @leshi / @balfanz / @christiaanbrand proposal quickly on this.

If I understand it correctly, @balfanz is saying something like this

-------------------------------------
Current Attestation Format:

alg: COSE Algorithm Identifier
Sig: SIGNATURE(Attestation Key, alg, authenticatorData || ClientDataHash)
X5C: Attestation Key Cert Chain
-------------------------------------
Proposed Attestation Format:

alg1: COSE Algorithm Identifier
Sig1: SIGNATURE (Created Credential Key, alg1, authenticatorData || ClientDataHash)
alg2: COSE Algorithm Identifier
Sig2: SIGNATURE (Attestation Key, alg2, Created Credential Public Key in COSE KEY Format)
X5C: Attestation Key Cert Chain

In case of privacy CA, "Attestation Key" is replaced with "Privacy CA Key"
-------------------------------------

--
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/584#issuecomment-334351007 using your GitHub account

Received on Thursday, 5 October 2017 03:46:54 UTC
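
The two-signature layout summarized in the comment above, as an added Node.js sketch that is not code from the WebAuthn specification or from the issue thread: it signs a constructed authenticatorData per the proposed format and runs the relying-party checks that tie the RPID to the credential key. The helper names, the P-256/ES256 choice, the zero AAGUID, and passing the attestation public key directly instead of validating X5C are assumptions.

```javascript
// Added sketch of the proposed two-signature format; not spec or project code.
const crypto = require('node:crypto');
const sha256 = (d) => crypto.createHash('sha256').update(d).digest();
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// COSE_Key for EC2/P-256/ES256 as CBOR: {1:2, 3:-7, -1:1, -2:x, -3:y}
function coseKey(publicKey) {
  const { x, y } = publicKey.export({ format: 'jwk' });
  return Buffer.concat([Buffer.from('a5010203262001215820', 'hex'), Buffer.from(x, 'base64url'),
    Buffer.from('225820', 'hex'), Buffer.from(y, 'base64url')]);
}

// authenticatorData: rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | idLen(2) | credId | COSE key
function authData(rpId, credId, cose) {
  const head = Buffer.alloc(21); head[0] = 0x41; // UP|AT flags, signCount 0, zero AAGUID (constructed)
  const len = Buffer.alloc(2); len.writeUInt16BE(credId.length);
  return Buffer.concat([sha256(rpId), head, len, credId, cose]);
}

// Authenticator side: Sig1 by the new credential key, Sig2 by the attestation key.
function attest(cred, att, ad, clientDataHash) {
  return { sig1: crypto.sign('sha256', Buffer.concat([ad, clientDataHash]), cred.privateKey),
           sig2: crypto.sign('sha256', coseKey(cred.publicKey), att.privateKey) };
}

// Relying-party side. attPub is assumed already trusted (X5C chain validation omitted).
function verify(stmt, ad, clientDataHash, rpId, attPub) {
  if (!ad.subarray(0, 32).equals(sha256(rpId))) return 'rpid-mismatch';
  const cose = ad.subarray(55 + ad.readUInt16BE(53)); // assumes no extensions follow the key
  // Sig2 covers only the key, so check it against the key carried in authenticatorData.
  if (!crypto.verify('sha256', cose, attPub, stmt.sig2)) return 'sig2-invalid';
  const jwk = { kty: 'EC', crv: 'P-256', x: cose.subarray(10, 42).toString('base64url'),
                y: cose.subarray(45, 77).toString('base64url') };
  const credPub = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  // Sig1 is what ties rpIdHash and the challenge to the credential key.
  const ok = crypto.verify('sha256', Buffer.concat([ad, clientDataHash]), credPub, stmt.sig1);
  return ok ? 'ok' : 'sig1-invalid';
}

function demo() { // all inputs below are constructed sample values
  const cred = newKey(), other = newKey(), att = newKey();
  const cdh = sha256('constructed clientDataJSON'), id = Buffer.from('constructed-id');
  const ad = authData('example.com', id, coseKey(cred.publicKey));
  const stmt = attest(cred, att, ad, cdh);
  const swapped = authData('example.com', id, coseKey(other.publicKey));
  return [verify(stmt, ad, cdh, 'example.com', att.publicKey),
          verify(stmt, ad, cdh, 'other.example', att.publicKey),
          verify(stmt, swapped, cdh, 'example.com', att.publicKey),
          verify(stmt, ad, sha256('different challenge'), 'example.com', att.publicKey)];
}
```

Because Sig2 covers only the public key, a verifier that skips either signature, or that checks Sig2 against a key other than the one inside authenticatorData, loses the link between the attested authenticator and the RPID.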