W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2020

[webauthn] KeyUsage requirement (Certificate Signing or empty) for attestation roots (#1519)

From: Billy Jack via GitHub <sysbot+gh@w3.org>
Date: Mon, 16 Nov 2020 20:10:33 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-744147409-1605557431-sysbot+gh@w3.org>
xbillyj has just created a new issue for https://github.com/w3c/webauthn:

== KeyUsage requirement (Certificate Signing or empty) for attestation roots ==
RP chain build validation of attestation statements can fail if the Key Usage extension is present and does not include "Certificate Signing".

See https://github.com/fido-alliance/mds-ops/issues/4 for related issue. Goal is to avoid vendors errantly publishing roots with non-empty KeyUsage that does not include Certificate Signing.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1519 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 16 November 2020 20:10:34 UTC

This archive was generated by hypermail 2.4.0 : Monday, 16 November 2020 20:10:35 UTC