
Re: [webauthn] Packed and U2F Attestation Statements' verifications don't differentiate between Basic and Privacy CA Attestation Types

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Thu, 19 Oct 2017 12:10:20 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-337888194-1508415019-sysbot+gh@w3.org>

From the RP's point of view, the RP cannot differentiate between Basic and Privacy CA from the attestation data, since both attestation data have the same structure containing `x5c`. So, if `x5c` is present, it would be the Basic or Privacy CA attestation type. Thus, the verification procedures for both are the same.
The thing is that there is no way for the RP to know whether the received attestation is the Basic or Privacy type. Sometimes, the RP may want to get attestation types to evaluate security and privacy risk.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/656#issuecomment-337888194 using your GitHub account
Received on Thursday, 19 October 2017 12:10:22 UTC
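
The ambiguity described in the comment above, as an added example that is not part of the original message or of the WebAuthn specification: two constructed attestation statements that both carry `x5c` have the same shape, so the statement alone leaves both types possible. The `issuer_policy` table, which stands for knowledge about the issuing CA that the RP obtained out of band, and all function names and byte strings are assumptions made for illustration.

```python
import hashlib

# Constructed attestation statements (already CBOR-decoded). The byte strings
# are placeholders standing in for DER certificates and signatures.
BASIC_STMT = {"alg": -7, "sig": b"constructed-sig-1",
              "x5c": [b"constructed-leaf-A", b"constructed-vendor-batch-ca"]}
PRIVACY_CA_STMT = {"alg": -7, "sig": b"constructed-sig-2",
                   "x5c": [b"constructed-leaf-B", b"constructed-privacy-ca"]}


def structural_shape(att_stmt):
    """Field names and value types: all the RP sees in the statement itself."""
    return tuple(sorted((k, type(v).__name__) for k, v in att_stmt.items()))


def candidate_types(att_stmt):
    """Types the statement alone is consistent with (x5c case from the thread only)."""
    if att_stmt.get("x5c"):
        return frozenset({"Basic", "Privacy CA"})
    return frozenset()  # statements without x5c are outside this discussion


def fingerprint(cert_bytes):
    """SHA-256 hex digest used as the lookup key for a certificate."""
    return hashlib.sha256(cert_bytes).hexdigest()


def resolve_type(att_stmt, issuer_policy):
    """Narrow the candidates using RP-side knowledge about the issuing CA.

    issuer_policy is hypothetical: {sha256 hex of CA cert: attestation type}.
    Returns None when the RP has no such knowledge and the type stays ambiguous.
    """
    candidates = candidate_types(att_stmt)
    if not candidates:
        return None
    declared = issuer_policy.get(fingerprint(att_stmt["x5c"][-1]))
    return declared if declared in candidates else None


if __name__ == "__main__":
    policy = {fingerprint(b"constructed-privacy-ca"): "Privacy CA"}
    for name, stmt in (("basic", BASIC_STMT), ("privacy-ca", PRIVACY_CA_STMT)):
        print(name, structural_shape(stmt), sorted(candidate_types(stmt)),
              resolve_type(stmt, policy))
```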
