- From: Emil Lundberg <noreply@github.com>
- Date: Wed, 25 Mar 2026 11:46:14 -0700
- To: public-webauthn@w3.org
Branch: refs/heads/2319-crossoriginprivacy
Home: https://github.com/w3c/webauthn
Commit: 2ec6eaeca682cf632a774e9a9843948e5510c562
https://github.com/w3c/webauthn/commit/2ec6eaeca682cf632a774e9a9843948e5510c562
Author: Emil Lundberg <emil@yubico.com>
Date: 2026-01-14 (Wed, 14 Jan 2026)
Changed paths:
M index.bs
M test-vectors/webauthn-test-vectors.py
Log Message:
-----------
Fix incorrect ASN.1 encoding in android-key test vector
The `attestationSecurityLevel` and `keymintSecurityLevel` values in the
`attestation` extension (OID `1.3.6.1.4.1.11129.2.1.17`) of the attestation
certificate were incorrectly encoded as INTEGER type, but should be ENUMERATED
type.
See: https://github.com/w3c/webauthn/issues/2373
Commit: 6a8e859fc701b8feba1aeaac976f2d639e26405a
https://github.com/w3c/webauthn/commit/6a8e859fc701b8feba1aeaac976f2d639e26405a
Author: Unknown-Robot <carondamien77@hotmail.fr>
Date: 2026-01-23 (Fri, 23 Jan 2026)
Changed paths:
M index.bs
M test-vectors/webauthn-test-vectors.py
Log Message:
-----------
Fix missing ASN.1 values in android-key test vector
The `softwareEnforced` and `teeEnforced` values in the `attestation` extension (OID `1.3.6.1.4.1.11129.2.1.17`) of the generated certificate are currently empty sequences.
However, the WebAuthn Level 3 specification (Verification Procedure for Android Key Attestation) mandates verifying that:
- The value in the `AuthorizationList.origin` field is equal to `KM_ORIGIN_GENERATED`.
- The value in the `AuthorizationList.purpose` field is equal to `KM_PURPOSE_SIGN`.
This commit populates the `teeEnforced` list with these mandatory fields to ensure the test vector complies with the verification procedure for hardware-backed keys.
Commit: c65d2c8dfde89d16250edadcf8d29bda3fd81d5d
https://github.com/w3c/webauthn/commit/c65d2c8dfde89d16250edadcf8d29bda3fd81d5d
Author: Emil Lundberg <emil@yubico.com>
Date: 2026-02-18 (Wed, 18 Feb 2026)
Changed paths:
M index.bs
M test-vectors/webauthn-test-vectors.py
Log Message:
-----------
Merge pull request #2378 from w3c/issue-2373-android-key-test-vectors
Fix incorrect ASN.1 encoding in android-key test vector
Commit: fbdd3fa1e6f9f23f3c2cf2fec261962e1204d48a
https://github.com/w3c/webauthn/commit/fbdd3fa1e6f9f23f3c2cf2fec261962e1204d48a
Author: Emil Lundberg <emil@yubico.com>
Date: 2026-03-19 (Thu, 19 Mar 2026)
Changed paths:
M index.bs
M test-vectors/webauthn-test-vectors.py
Log Message:
-----------
Merge pull request #2379 from Unknown-Robot/fix/android-key-test-vectors
Fix missing ASN.1 values in android-key test vector
Commit: bf72236ef43b63873b464b3e073722fe063c908f
https://github.com/w3c/webauthn/commit/bf72236ef43b63873b464b3e073722fe063c908f
Author: Tim Cappalli <tim@cloudauth.dev>
Date: 2026-03-25 (Wed, 25 Mar 2026)
Changed paths:
M index.bs
Log Message:
-----------
Merge pull request #2391 from w3c/2319-crossoriginprivacy
Privacy considerations for cross-origin usage
Commit: 0c8f49ee29bde8e47a5cd8fcf91b36b8ee11de42
https://github.com/w3c/webauthn/commit/0c8f49ee29bde8e47a5cd8fcf91b36b8ee11de42
Author: Emil Lundberg <emil@yubico.com>
Date: 2026-03-25 (Wed, 25 Mar 2026)
Changed paths:
M index.bs
Log Message:
-----------
Restore inadvertently overwritten change to '[=RP ID=]'
This change in dc655cd0a199deae17cea9eedf4617823192664d was inadvertently
overwritten in fabee8ee0290c01280090d8e4d77afe507d1c937.
Compare: https://github.com/w3c/webauthn/compare/d64c7a06bf94...0c8f49ee29bd
To unsubscribe from these emails, change your notification settings at https://github.com/w3c/webauthn/settings/notifications
Received on Wednesday, 25 March 2026 18:46:18 UTC