[webauthn] Inconsistent display formats for OIDs (#1504)

emlun has just created a new issue for https://github.com/w3c/webauthn:

== Inconsistent display formats for OIDs ==
The spec currently displays X.509 OIDs in at least three different ways, and after PR #1491 there will be four:


- [§8.2. Packed Attestation Statement Format](https://w3c.github.io/webauthn/#sctn-packed-attestation):

  ```
  - If |attestnCert| contains an extension with OID 1.3.6.1.4.1.45724.1.1.4 (`id-fido-gen-ce-aaguid`) verify [...]
  ```

- [§8.3. TPM Attestation Statement Format](https://w3c.github.io/webauthn/#sctn-tpm-attestation):

  ```
  - If |aikCert| contains an extension with OID `1 3 6 1 4 1 45724 1 1 4` (id-fido-gen-ce-aaguid) verify [...]
  ```

- [§8.4.1. Android Key Attestation Statement Certificate Requirements](https://w3c.github.io/webauthn/#sctn-key-attstn-cert-requirements):

  ```
  Android Key Attestation [=attestation certificate=]'s <dfn>android key attestation certificate extension
  data</dfn> is identified by the OID "1.3.6.1.4.1.11129.2.1.17", and its schema [...]
  ```

- (PR #1491) [§8.8. Apple Anonymous Attestation Statement Format](https://w3c.github.io/webauthn/#sctn-apple-anonymous-attestation):

  ```
  4. Let Apple anonymous attestation CA generate an X.509 certificate for the
    [=credential public key=] and include the |nonce| as a certificate extension
    with OID ( 1.2.840.113635.100.8.2 ). [...]
  ```

We should standardize on one display format. I propose we use "code quotes" like this for both the OID and, if available, its name:

```
- If |attestnCert| contains an extension with OID `1.3.6.1.4.1.45724.1.1.4` (`id-fido-gen-ce-aaguid`) verify [...]
```


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1504 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 21 October 2020 18:46:30 UTC