[webauthn] Need to fix android key attestation verification procedure

Kieun has just created a new issue for https://github.com/w3c/webauthn:

== Need to fix android key attestation verification procedure ==
#546 PR fixes the android attestation generation issue.
The resolution is to change the signing procedure to handle properly android key attestation. But the verification procedure does not reflect these modification.
So, verification procedure should be fixed.
Followings are need to be fixed.
> The value of the attestationChallenge field is identical to the concatenation of authenticatorData and clientDataHash.

In stead,

> The value of the attestationChallenge field is identical to clientDataHash.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/599 using your GitHub account

Received on Friday, 29 September 2017 08:51:35 UTC