- From: Unknown-Robot via GitHub <noreply@w3.org>
- Date: Mon, 23 Mar 2026 16:45:50 +0000
- To: public-webauthn@w3.org
Unknown-Robot has just submitted a new pull request for https://github.com/w3c/webauthn: == Add software-enforced android-key test vector == ## Context This PR adds a dedicated test vector to allow relying parties to test the rejection of software-backed keys when a Trusted Execution Environment (TEE) is strictly required. The WebAuthn Level 3 specification (Verification Procedure for Android Key Attestation) mandates: > For the following, use only the teeEnforced authorization list if the RP wants to accept only keys from a trusted execution environment, otherwise use the union of teeEnforced and softwareEnforced. ## Changes - Updated `webauthn-test-vectors.py` to dynamically inject the `AuthorizationList` into either the `softwareEnforced` or `hardwareEnforced` sequence based on an `enforcement` argument. ## Notes to Maintainers My previous contribution (PR [#2379]) which added the base `teeEnforced` and `softwareEnforced` structures was merged into `L3-CR`. Since that code has not yet been merged to `main`, this PR includes those base ASN.1 structures alongside the new `softwareEnforced` test vector, targeting `main`. See https://github.com/w3c/webauthn/pull/2397 -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 23 March 2026 16:45:50 UTC