Implement U2F attestation certificate validation #218

Open
yurem opened this Issue May 13, 2016 · 0 comments

@yurem
Contributor

yurem commented May 13, 2016

Enrollment is the most insecure process. In order to protect the enrollment response, U2F uses an attestation certificate to sign the enrollment request user public key, keyHandle, etc.

According to the spec, the U2F device puts the public attestation certificate into the response and signs the registration challenge with the private attestation certificate.

In order to make sure that we trust the specified attestation certificate, we must do certificate validation: expiration, path, OCSP, CRLs.
We have code in oxAuth which can do this validation already: https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/cert

We need to add an oxAuth configuration property to allow enabling the specified attestation cert validation.

@yurem yurem added the enhancement label May 13, 2016

@nynymike nynymike added this to the CE 3.2.0 milestone May 10, 2017
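
The checks the issue lists (expiration, path, OCSP, CRLs) can be sketched with the JDK's PKIX validator. This is an added example, not code from oxAuth or from its `cert` integration; the class name, method name and the `checkRevocation` flag (standing in for the proposed configuration property) are hypothetical, and it assumes the attestation certificate is issued directly by one of the configured roots.

```java
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;

/** Added example; all names here are hypothetical, not oxAuth's. */
public final class AttestationCertValidator {

    /**
     * @param certDer         DER bytes of the attestation certificate from the registration response
     * @param trustedRoots    attestation root certificates the server chooses to trust
     * @param checkRevocation stands in for the proposed configuration property
     * @param now             point in time the checks are evaluated at
     */
    public static X509Certificate validate(byte[] certDer, Set<X509Certificate> trustedRoots,
                                           boolean checkRevocation, Date now)
            throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert =
                (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certDer));

        // 1. Expiration: fail early with a specific exception.
        cert.checkValidity(now);

        // 2. Path: the certificate must chain to one of the configured roots.
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate root : trustedRoots) {
            anchors.add(new TrustAnchor(root, null));
        }
        PKIXParameters params = new PKIXParameters(anchors); // throws if the set is empty
        params.setDate(now);
        params.setRevocationEnabled(false); // revocation is driven by the checker below

        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        if (checkRevocation) {
            // 3. OCSP first, CRLs as fallback (the checker's default order).
            //    SOFT_FAIL is not set, so an unreachable responder rejects the enrollment.
            PKIXRevocationChecker rc = (PKIXRevocationChecker) validator.getRevocationChecker();
            rc.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));
            params.addCertPathChecker(rc);
        }

        CertPath path = cf.generateCertPath(Collections.singletonList(cert));
        validator.validate(path, params); // CertPathValidatorException on any failure
        return cert;
    }
}
```

A certificate that passes these checks is only known to be trusted; the registration signature still has to be verified with the public key of the returned certificate.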
