Re: [webauthn] Ambiguous instructions in the Android Key Attestation Statement Format verification procedure (#1980) from Arnar Birgisson via GitHub on 2024-09-24 (public-webauthn@w3.org from September 2024)

From: Arnar Birgisson via GitHub <sysbot+gh@w3.org>
Date: Tue, 24 Sep 2024 16:48:59 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2371819036-1727196536-sysbot+gh@w3.org>

> I'll double check if this is actually a valid scenario.

This was inconclusive, but it doesn't matter here. RPs that care about TEE enforcement should check for the properties only on the teeEnforced list, otherwise check for the properties on the union of the two lists teeEnforced and softwareEnforced.

That is what the spec says currently without ambiguity I think, so closing this as per WG meeting discussion at TPAC today.

-- 
GitHub Notification of comment by arnar
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1980#issuecomment-2371819036 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 24 September 2024 16:49:00 UTC