- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Thu, 25 Mar 2021 14:34:01 +0000
- To: public-webauthn@w3.org
> A U2F authenticator doesn't return a zero AAGUID, rather the client inserts that as part of constructing the attested credential data structure. I'm glad you mention this because I was reimplementing FIDO-U2F verification a couple of weeks back and couldn't figure out _why_ a zero AAGUID check was in the list of steps. I did some searching around and could only find some off-handed comment that led me to believe it was something FIDO-related but that was it. I'd support including something like this bit in those verification steps for some additional context to help make some more sense of it. -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/pull/1588#issuecomment-806860968 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 25 March 2021 14:34:03 UTC