Re: [webauthn] U2F Attestation Statement Format does not define "self attestation" steps from Emil Lundberg via GitHub on 2018-02-06 (public-webauthn@w3.org from February 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 06 Feb 2018 19:51:06 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-363543967-1517946665-sysbot+gh@w3.org>

Well, _technically_ self attestation is just a special case of basic attestation with an anonymous attestation public key. So everything an authenticator needs to do for self attestation is also possible as a basic attestation - you just have to jump through a few more hoops to do it, which all U2F authenticators necessarily do already because U2F only supports x5c certificates for delivering the attestation public key.

So I think it should be safe to drop the self attestation type from the fido-u2f format.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/745#issuecomment-363543967 using your GitHub account

Received on Tuesday, 6 February 2018 19:51:13 UTC