W3C home > Mailing lists > Public > public-webauthn@w3.org > August 2018

[webauthn] Android-key attestation format should include guidance on checks for timestampMs in the jws payload

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Sat, 11 Aug 2018 11:15:15 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-349726852-1533986114-sysbot+gh@w3.org>
sbweeden has just created a new issue for https://github.com/w3c/webauthn:

== Android-key attestation format should include guidance on checks for timestampMs in the jws payload ==
The FIDO interop tests require that checks be done on the timestamp - that it is not in the future, and that it is not older than a minute. If this is a required/recommended check, it should be included in the webauthn guidance for validation of android-safetynet attestations.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1035 using your GitHub account
Received on Saturday, 11 August 2018 11:15:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:54 UTC