W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] Attestation validation issues

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Fri, 15 Jun 2018 16:54:00 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-397681310-1529081639-sysbot+gh@w3.org>
The [packed][packed] format has the same issue with unclear use of `x5c`.

If we feel it's worthwhile, we could also touch up the android-key and fido-u2f verification procedures. android-key uses a verbose "the first certificate in `x5c`" wording everywhere, and fido-u2f introduces a new `attCert` name instead of reusing the `attestnCert` name defined in the syntax definition. None of these _necessitate_ a change, though. Should I do that?

[packed]: https://w3c.github.io/webauthn/#packed-attestation

GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/950#issuecomment-397681310 using your GitHub account
Received on Friday, 15 June 2018 16:54:03 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC