- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Mon, 11 Sep 2017 11:12:45 +0000
- To: public-webauthn@w3.org
Now the spec instead doesn't say how to detect when the `fido-u2f` attestation statement format uses self attestation. It seems like that would be when `attStmt.x5c[0]` is self-signed, correct? Either way I think the verification procedure in [§7.6][1] should make some mention of self attestation, as currently - the only occurence of the word "self" in §7.6 is in the list of supported attestation types; and - the final step of the verification procedure says to always return attestation type Basic. While this is technically correct as the returned `x5c` is indeed the entire trust path, it is confusing. [1]: https://www.w3.org/TR/webauthn/#fido-u2f-attestation -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/392#issuecomment-328498164 using your GitHub account
Received on Monday, 11 September 2017 11:12:39 UTC