Clarify the U2F attestation verification. (#1280)

Fixes #1279.
w3c · Aug 21, 2019 · 0cc6d70 · 0cc6d70
1 parent ea9d4a8
commit 0cc6d70
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/index.bs b/index.bs
@@ -4672,7 +4672,7 @@ This attestation statement format is used with FIDO U2F authenticators using the
             Note: This signifies uncompressed ECC key format.
     1. Let |verificationData| be the concatenation of (0x00 || |rpIdHash| ||
         |clientDataHash| || |credentialId| || |publicKeyU2F|) (see [=Section 4.3=] of [[!FIDO-U2F-Message-Formats]]).
-    1. Verify the |sig| using |verificationData| and |certificate public key| per [[!SEC1]].
+    1. Verify the |sig| using |verificationData| and the |certificate public key| per section 4.1.4 of [[!SEC1]] with SHA-256 as the hash function used in step two.
     1. Optionally, inspect |x5c| and consult externally provided knowledge to determine whether |attStmt| conveys a [=Basic=] or
         [=AttCA=] attestation.
     1. If successful, return implementation-specific values representing [=attestation type=] [=Basic=], [=AttCA=] or uncertainty,