- From: DannyNiu/NJF via GitHub <sysbot+gh@w3.org>
- Date: Wed, 28 Feb 2024 11:27:08 +0000
- To: public-webauthn@w3.org
dannyniu has just created a new issue for https://github.com/w3c/webauthn:
== Numbering in the step needs update in 7.1. Registering a New Credential ==
Step 24 in Section 7.1. Registering a New Credential refers to Step 21 and 22 for verification result and trust path respectively, where those are changed and are step 22 and 23 now.
## Proposed Change
24. Assess the attestation trustworthiness using the outputs of the [verification procedure](https://w3c.github.io/webauthn/#verification-procedure) in [step **22**](https://w3c.github.io/webauthn/#reg-ceremony-verify-attestation), as follows:
If [no attestation](https://w3c.github.io/webauthn/#none) was provided, verify that [None](https://w3c.github.io/webauthn/#none) attestation is acceptable under [Relying Party](https://w3c.github.io/webauthn/#relying-party) policy.
If [self attestation](https://w3c.github.io/webauthn/#self-attestation) was used, verify that [self attestation](https://w3c.github.io/webauthn/#self-attestation) is acceptable under [Relying Party](https://w3c.github.io/webauthn/#relying-party) policy.
Otherwise, use the X.509 certificates returned as the [attestation trust path](https://w3c.github.io/webauthn/#attestation-trust-path) from the [verification procedure](https://w3c.github.io/webauthn/#verification-procedure) to verify that the attestation public key either correctly chains up to an acceptable root certificate, or is itself an acceptable certificate (i.e., it and the root certificate obtained in [Step **23**](https://w3c.github.io/webauthn/#reg-ceremony-attestation-trust-anchors) may be the same).
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2030 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 28 February 2024 11:27:10 UTC