- From: Adam Powers via GitHub <sysbot+gh@w3.org>
- Date: Thu, 29 Mar 2018 15:47:31 +0000
- To: public-webauthn@w3.org
apowers313 has just created a new issue for https://github.com/w3c/webauthn:

== Clarify U2F attestation verification ==
Step 4 of the [U2F attestation verification procedure](https://w3c.github.io/webauthn/#fido-u2f-attestation) could use some clarification:

> Convert the COSE_KEY formatted credentialPublicKey (see Section 7 of [RFC8152]) to CTAP1/U2F public Key format [FIDO-CTAP].

Suggest adding "Section XYZ of [FIDO-CTAP]". CTAP is a big spec and it's not immediately clear that there's actually any section that defines a public key format.

> * Let publicKeyU2F represent the result of the conversion operation and set its first byte to 0x04. Note: This signifies uncompressed ECC key format.
> * Extract the value corresponding to the "-2" key (representing x coordinate) from credentialPublicKey, confirm its size to be of 32 bytes and concatenate it with publicKeyU2F. If size differs or "-2" key is not found, terminate this algorithm and return an appropriate error.
> * Extract the value corresponding to the "-3" key (representing y coordinate) from credentialPublicKey, confirm its size to be of 32 bytes and concatenate it with publicKeyU2F. If size differs or "-3" key is not found, terminate this algorithm and return an appropriate error.

I think a final bullet should be added stating `Let publicKeyU2F be the concatenation of (0x04 || x || y).`

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/857 using your GitHub account
Received on Thursday, 29 March 2018 15:47:37 UTC
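The conversion quoted in the issue above, sketched as an added example (not code from the WebAuthn specification, the CTAP specification, or the issue author). It assumes an EC2 COSE_Key containing only integer labels with integer or byte-string values, uses a minimal CBOR decoder written for this example, and does not check that the point lies on the curve; all function names are hypothetical.

```python
# Labels and size come from the quoted step 4; helper names are this example's own.
COSE_X, COSE_Y, COORD_LEN = -2, -3, 32

class CoseKeyError(ValueError): pass

def _head(buf, pos):  # -> (major type, argument, next position)
    if pos >= len(buf):
        raise CoseKeyError("truncated CBOR")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info < 24:
        return major, info, pos + 1
    end = pos + 1 + (1 << (info - 24))  # 1, 2, 4 or 8 argument bytes
    if info > 27 or end > len(buf):
        raise CoseKeyError("unsupported or truncated CBOR head")
    return major, int.from_bytes(buf[pos + 1:end], "big"), end

def _item(buf, pos):  # integers and byte strings only
    major, arg, pos = _head(buf, pos)
    if major in (0, 1):  # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major == 2 and pos + arg <= len(buf):  # byte string
        return bytes(buf[pos:pos + arg]), pos + arg
    raise CoseKeyError("unsupported or truncated CBOR item")

def decode_cose_map(buf):
    """Decode a CBOR map whose labels and values are ints or byte strings."""
    major, count, pos = _head(buf, 0)
    if major != 5:
        raise CoseKeyError("COSE_Key is not a CBOR map")
    key = {}
    for _ in range(count):
        label, pos = _item(buf, pos)
        key[label], pos = _item(buf, pos)
    if pos != len(buf):
        raise CoseKeyError("trailing bytes after COSE_Key")
    return key

def cose_to_u2f(cose_key):
    """Build publicKeyU2F; fail if -2 or -3 is missing or not 32 bytes."""
    out = bytearray([0x04])  # uncompressed ECC point marker
    for label in (COSE_X, COSE_Y):
        coord = cose_key.get(label)
        if not isinstance(coord, bytes) or len(coord) != COORD_LEN:
            raise CoseKeyError(f"label {label} missing or not {COORD_LEN} bytes")
        out += coord
    return bytes(out)

# Constructed sample (not a real credential): {1: 2, 3: -7, -1: 1, -2: x, -3: y}
SAMPLE_COSE_KEY = (bytes.fromhex("a5010203262001215820") + bytes(range(32))
                   + bytes.fromhex("225820") + bytes(range(32, 64)))
```

`cose_to_u2f(decode_cose_map(SAMPLE_COSE_KEY))` returns the 65-byte value `0x04 || x || y`; a missing or wrongly sized coordinate raises `CoseKeyError` instead of producing a shorter key.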