W3C home > Mailing lists > Public > public-webauthn@w3.org > March 2021

[webauthn] Closed Pull Request: Explicitly restrict NONE aaguid to none attestation only

From: Ackermann Yuriy via GitHub <sysbot+gh@w3.org>
Date: Wed, 31 Mar 2021 19:22:37 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.closed-600414465-1617218555-sysbot+gh@w3.org>
herrjemand has just closed herrjemand's pull request 1588 for https://github.com/w3c/webauthn:

== Explicitly restrict NONE aaguid to none attestation only ==
AAGUID 00000000-0000-0000-0000-000000000000 must not be reused by any other attestation.

Apple has recently fixed that (Thank you Jiewen), so we should be explicit with intent of that AAGUID.

Ref:
https://github.com/WebKit/WebKit/blob/b133f3082ab5f5c409915ef3aafaa2ee15196d6d/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm
https://bugs.webkit.org/show_bug.cgi?id=217945

cc: @sbweeden


<!--
    This comment and the below content is programatically generated.
    You may add a comma-separated list of anchors you'd like a
    direct link to below (e.g. #idl-serializers, #idl-sequence):

    Don't remove this comment or modify anything below this line.
    If you don't want a preview generated for this pull request,
    just replace the whole of this comment's content by "no preview"
    and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/pull/1588.html" title="Last updated on Mar 25, 2021, 9:06 AM UTC (8e2194b)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/webauthn/1588/9ce4288...8e2194b.html" title="Last updated on Mar 25, 2021, 9:06 AM UTC (8e2194b)">Diff</a>

See https://github.com/w3c/webauthn/pull/1588


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 31 March 2021 19:22:39 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:43 UTC