[webauthn] Confused About What To Do With Attestation Trust Paths (#1662)

DanielSanchezDiaz has just created a new issue for https://github.com/w3c/webauthn:

== Confused About What To Do With Attestation Trust Paths ==
Hello! I was a bit confused by step 21 in registering a new credential.
"Otherwise, use the X.509 certificates returned as the attestation trust path from the verification procedure to verify that the attestation public key either correctly chains up to an acceptable root certificate, or is itself an acceptable certificate (i.e., it and the root certificate obtained in Step 20 may be the same)."
How do we know we've reached an acceptable root certificate?
Do we need to make sure that the root certificate follows the format outlined in 8.2.1?
I believe I understand how to check if the attestation public key and the root certificate are the same. Are there other ways to see if an attestation is itself an acceptable certificate?
Thanks so much!
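The check quoted from step 21, written out with Go's standard `crypto/x509` package as an added example; it is not part of the original issue or of the WebAuthn specification. It assumes the Relying Party already holds its list of acceptable trust anchors as parsed certificates. The function names and the three certificates are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// trustPathAcceptable (illustrative name): anchors are the roots the RP accepts, per step 20.
func trustPathAcceptable(leaf *x509.Certificate, intermediates, anchors []*x509.Certificate) bool {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	for _, a := range anchors {
		if a.Equal(leaf) { // the attestation certificate is itself an acceptable certificate
			return true
		}
		roots.AddCert(a)
	}
	for _, c := range intermediates {
		inter.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil // nil only if signatures, validity and CA constraints hold up to an anchor
}

// newCert issues a constructed test certificate; a nil parent means self-signed.
func newCert(cn string, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func demo() [3]bool {
	root, rootKey := newCert("Constructed Vendor Root", true, nil, nil)
	other, _ := newCert("Constructed Unrelated Root", true, nil, nil)
	att, _ := newCert("Constructed Attestation Cert", false, root, rootKey)
	return [3]bool{trustPathAcceptable(att, nil, []*x509.Certificate{root}), // chains up to an anchor
		trustPathAcceptable(root, nil, []*x509.Certificate{root}), // is itself an anchor
		trustPathAcceptable(att, nil, []*x509.Certificate{other})} // its root is not on the list
}
func main() { fmt.Println(demo()) }
```

Whether a root is "acceptable" is decided entirely by what the Relying Party puts in `anchors`; the chain check only answers whether the attestation certificate leads to one of them.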

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1662 using your GitHub account



Received on Wednesday, 11 August 2021 01:12:27 UTC