Re: [webauthn] Adding Apple Anonymous Attestation Statement Format (#1491) from Jiewen Tan via GitHub on 2020-10-14 (public-webauthn@w3.org from October 2020)

From: Jiewen Tan via GitHub <sysbot+gh@w3.org>
Date: Wed, 14 Oct 2020 18:34:59 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-708585496-1602700498-sysbot+gh@w3.org>

> > In my testing with iPhone on iOS 14, there is an additional "alg" parameter provided within the attStmt body. Is that missing from this specification?
> 
> Oops, I believe it is a bug in the software. The current attestation process should not utilize that parameter at all. The X5C itself should have suggested the algorithm to validate the chain. There was an old/not shipping version that utilize this field. I will remove it. Thanks for catching this bug!

Here is the WebKit issue for your reference: https://bugs.webkit.org/show_bug.cgi?id=217720.

-- 
GitHub Notification of comment by alanwaketan
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1491#issuecomment-708585496 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 14 October 2020 18:35:01 UTC