Re: [webauthn] Define how to verify the attestation certificate

X.509 certificate-chain validation was designed to help Relying Parties (RP) in the Public Key Infrastructure-space to determine whether the end-entity certificate presented to them in the transaction presents an acceptable risk.  That this is an arduous process that has very few implementations in the business world - and virtually, none, in the consumer-space - is a reflection of the complexity and challenges in working with digital certificates.  The RP's risk still remains regardless of whether the authentication scheme is TLS-ClientAuth or FIDO.

The Attestation certificate in a FIDO Registration is intended to provide the RP a fair amount of information on whether the FIDO public-key being presented in the transaction is an acceptable risk.  If the RP does **not** perform adequate certificate-chain validation to determine that risk, then the logical conclusion one may draw from this is that either the RP does **not** engage in business transactions that present much risk to the RP (perhaps a web-page to sign-up for volunteer efforts at the local Parent Teacher's Association) and merely wants to eliminate the hassle of having a password database - or the RP is ignorant of the risk of ignoring the Attestation Certificate (AC).  This, of course, assumes that the manufacturer of the FIDO Authenticator knew what they were doing when they created the Attestation Certificate and its chain (and are also following up on doing the right thing in providing information to the world on their certification policy/practices, and revocation status of the AC).

IMO, there is no reason for the FIDO Alliance or the W3C to provide any more information on how to perform cert-chain validation, and how to make risk-decisions based on such validation - there is more than enough information published on this topic, including open-source code on how to perform PKIX-validation.    Discouraging RPs from performing adequate cert-chain validation is equivalent to discouraging them to obey traffic lights at an intersection.

If an RP is knowledgeable about public-key cryptography, digital certificates and cert-chain validation, then they have a basis to avoid a failure in their implementation of the protocol; otherwise, to dive into FIDO with little knowledge about their responsibilities, is to merely replace a password-based breach with a FIDO-based breach in due course.

Arshad Noor
StrongAuth, Inc.

GitHub Notification of comment by arshadnoor
Please view or discuss this issue at using your GitHub account

Received on Sunday, 15 October 2017 22:42:48 UTC