- From: Yoshikazu Nojima via GitHub <sysbot+gh@w3.org>
- Date: Sun, 18 Mar 2018 14:37:20 +0000
- To: public-webauthn@w3.org

ynojima has just created a new issue for https://github.com/w3c/webauthn:

== Assertion signature verification procedure defined in Section 7.2 doesn't fit for the signature generated by FIDO-U2F token. ==

WebAuthn signature generation procedure is not equal to that of FIDO-U2F. [1]
The assertion signature verification procedure defined in Section 7.2 doesn't fit the signature generated by a FIDO-U2F token.
The spec should denote that the assertion generated by a FIDO-U2F token should be verified in the manner defined in the FIDO-U2F spec.

[1] The web authentication spec defines that the signature is generated over the concatenation of the authenticator data and the hash of the serialized client data (see https://w3c.github.io/webauthn/#op-get-assertion), but FIDO U2F defines that the signature is generated over the following source:

- The application parameter [32 bytes] from the authentication request message.
- The user presence byte [1 byte].
- The counter [4 bytes].
- The challenge parameter [32 bytes] from the authentication request message.

(See https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-raw-message-formats-v1.1-id-20160915.html#authentication-response-message-success)

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/845 using your GitHub account

Received on Sunday, 18 March 2018 14:37:22 UTC
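
Added example, not part of the original message or of either specification: the two signature inputs described in the issue, built side by side and compared field by field. The 37-byte authenticator data layout (rpIdHash, flags, signCount), the helper names and all sample values are assumptions made for illustration.

```python
import hashlib
import struct

FIELDS = {  # offsets of the U2F layout listed in the issue (69 bytes in total)
    "application parameter / rpIdHash": (0, 32),
    "user presence byte / flags": (32, 33),
    "counter / signCount": (33, 37),
    "challenge parameter / client data hash": (37, 69),
}

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def u2f_signature_base(app_param, presence, counter, challenge_param):
    """FIDO U2F: application parameter, presence byte, counter, challenge parameter."""
    if len(app_param) != 32 or len(challenge_param) != 32:
        raise ValueError("application and challenge parameters must be 32 bytes")
    return app_param + bytes([presence]) + struct.pack(">I", counter) + challenge_param

def webauthn_signature_base(authenticator_data, client_data_json):
    """WebAuthn: authenticator data followed by SHA-256 of the serialized client data."""
    if len(authenticator_data) < 37:
        raise ValueError("authenticator data is at least 37 bytes")
    return authenticator_data + sha256(client_data_json)

def differing_fields(u2f_base, webauthn_base):
    """Names of the U2F fields whose bytes differ from the WebAuthn signature base."""
    if len(u2f_base) != len(webauthn_base):
        return ["length"]
    return [name for name, (a, b) in FIELDS.items() if u2f_base[a:b] != webauthn_base[a:b]]

def compare(rp_id, app_id, flags, counter, client_data_json):
    # Assumed authenticator data without attested credential data or extensions.
    auth_data = sha256(rp_id.encode()) + bytes([flags]) + struct.pack(">I", counter)
    webauthn = webauthn_signature_base(auth_data, client_data_json)
    u2f = u2f_signature_base(sha256(app_id.encode()), flags, counter, sha256(client_data_json))
    return differing_fields(u2f, webauthn)

# Constructed sample values, not taken from a real authenticator.
CLIENT_DATA = b'{"type":"webauthn.get","challenge":"Y29uc3RydWN0ZWQ","origin":"https://example.com"}'

if __name__ == "__main__":
    print(compare("example.com", "example.com", 0x01, 42, CLIENT_DATA))
    print(compare("example.com", "https://example.com", 0x01, 42, CLIENT_DATA))
```

A verifier can run `differing_fields` on the bytes it is about to check to see which field, if any, separates the two layouts for a given credential.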