- From: Arnar Birgisson via GitHub <sysbot+gh@w3.org>
- Date: Fri, 27 Jan 2023 22:37:48 +0000
- To: public-webauthn@w3.org
The trust model for Android Key Attestation is most certainly that of basic (batch keys), not AnonCA. Android Key Attestation do not contact any Anonymization CA, and two credentials from the same device will share the same attestation key (as the whole batch of devices), which is the signing key for the leaf certificate. In regular (e.g. U2F-style, aka packed) attestation, the batch attestation key is the _subject_ key of the leaf certificate, and is used to sign the concatenation of authenticatorData (which includes the subject key) and the clientDataHash. However, Android Key Attestation APIs do not allow arbitrary signatures with the attestation key. It can only return an X.509 certificate, where the key being attested is the subject key. To maintain some parallels with the packed format (and therefore reuse implementations), we thus designed the Android Keys Attestation to simply use that certificate as the leaf cert, and "self sign" the normal concatenation with the newly generated SubjectPublicKey. (The Android Key Attestation API does allow us to specify an arbitrary challenge (which is set to the clientDataHash), so an alternative design choice would have been to put the concatenation there. But this would have made the format more different from packed.) Side note: IMO the intent of the wording "dynamically generates per-credentialattestation certificates" in the spec is maybe imprecise, because I think it is really making the point that credentials from the same device wont use the same attestation. -- GitHub Notification of comment by arnar Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1819#issuecomment-1407155522 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 27 January 2023 22:37:50 UTC