Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Implement U2F attestation certificate validation #218
Enrollment is most unsecured process. In order to protect enrollment response U2F uses attestation certificate to sign enrollment request user public key, keyHandle, etc.
According to the spec U2F device put public attestation certificate into response and sign registration challenge by private attestation certificate.
In order to make sure that we trust specified attestation certificate we must do certificate validation: expiration, path, ocsp, crls.
We need to add oxAuth configuration property to allow enable specified attestation cert validation