Re: [webauthn] Android-key attestation format should include guidance on checks for timestampMs in the jws payload

Consideration is ok, however this seems to be a perfectly sensible test so I would recommend it be included as a validation step. There is really no reason not to. It almost seems like oversight that it was not included when the webauthn spec was written.


-- 
GitHub Notification of comment by sbweeden
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1035#issuecomment-413023828 using your GitHub account

Received on Tuesday, 14 August 2018 21:34:01 UTC