[webauthn] Android-key attestation format should include guidance on checks for timestampMs in the jws payload from Shane Weeden via GitHub on 2018-08-11 (public-webauthn@w3.org from August 2018)

From: Shane Weeden via GitHub <sysbot+gh@w3.org>
Date: Sat, 11 Aug 2018 11:15:15 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-349726852-1533986114-sysbot+gh@w3.org>

sbweeden has just created a new issue for https://github.com/w3c/webauthn:

== Android-key attestation format should include guidance on checks for timestampMs in the jws payload ==
The FIDO interop tests require that checks be done on the timestamp - that it is not in the future, and that it is not older than a minute. If this is a required/recommended check, it should be included in the webauthn guidance for validation of android-safetynet attestations.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1035 using your GitHub account

Received on Saturday, 11 August 2018 11:15:17 UTC