W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

[webauthn] Attestation validation issues

From: Adam Powers via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Jun 2018 23:51:10 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-332204476-1528933869-sysbot+gh@w3.org>
apowers313 has just created a new issue for https://github.com/w3c/webauthn:

== Attestation validation issues ==
[TPM](https://www.w3.org/TR/webauthn/#tpm-attestation):
* Doesn't mention to validate the x5c chain or where to find the root of trust
* Statements like `Verify that x5c` or `If x5c contains an extension` are unclear whether they are referring to "attestation public key in x5c" or "all certificates in x5c".

[Android SafetyNet](https://www.w3.org/TR/webauthn/#android-safetynet-attestation):
* Doesn't mention to validate the x5c chain or where to find the root of trust
* Doesn't mention to validate the JWS signature

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/950 using your GitHub account
Received on Wednesday, 13 June 2018 23:51:12 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC