Re: [webauthn] Packed and U2F Attestation Statements' verifications don't differentiate between Basic and Privacy CA Attestation Types

In the view point of RP, RP cannot differentiate between Basic and Privacy CA from the attestation data. Since both attestation data have same structure having `x5c`. So, if `x5c` is present, it would be Basic or Privacy CA attestation type. Thus, the verification procedures for both are same.
The thing is that there is no way for RP to know that received attestation is Basic or Privacy type. Sometime, RP may want to get attestation types for evaluate security and privacy risk.

-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/656#issuecomment-337888194 using your GitHub account

Received on Thursday, 19 October 2017 12:10:22 UTC