- From: Bart via GitHub <sysbot+gh@w3.org>
- Date: Wed, 06 Mar 2019 15:39:23 +0000
- To: public-webauthn@w3.org
Hi @emlun you're absolutely right, I missed that 🤦♂️ thanks! I'm thinking the wording might be a little more clear to use the same terms as the attestation statement format verification procedures. E.g. reword step 16 to something like: > 16. Assess the attestation trustworthiness using the outputs of the verification procedure in step 14, as follows: > > * If no attestation was provided, verify that None attestation is acceptable under Relying Party policy. > * If self attestation was used, verify that self attestation is acceptable under Relying Party policy. > * If ECDAA was used, verify that the identifier of the ECDAA-Issuer public key returned in the attestation trust path is included in the set of acceptable trust anchors obtained in step 15. > * Otherwise, use the X.509 certificates returned in the attestation trust path to verify that the attestation public key correctly chains up to an acceptable root certificate. WDYT? -- GitHub Notification of comment by bdewater Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1167#issuecomment-470155337 using your GitHub account
Received on Wednesday, 6 March 2019 15:39:24 UTC