Skip to content

Commit

Permalink
Update index.bs
Browse files Browse the repository at this point in the history 
agreed

Co-authored-by: Emil Lundberg <emil@emlun.se>
  • Loading branch information
@sbweeden @emlun
sbweeden and emlun committed Nov 29, 2023
1 parent d13f46a commit 73eb670
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions index.bs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5888,8 +5888,10 @@ The attestation certificate MUST have the following fields/extensions:

- If the related attestation root certificate is used for multiple authenticator models, the Extension OID
`1.3.6.1.4.1.45724.1.1.4` (`id-fido-gen-ce-aaguid`) MUST be present, containing the AAGUID as a 16-byte OCTET STRING.
The extension MUST NOT be marked as critical. As [=Relying Parties=] may not know if the attestation root
certificate is used for multiple authenticator models, it is suggested that [=Relying Parties=] check if the extension
The extension MUST NOT be marked as critical.

As [=[RPS]=] may not know if the attestation root
certificate is used for multiple authenticator models, it is suggested that [=[RPS]=] check if the extension
is present, and if it is, then validate that it contains that same AAGUID as presented in the [=attestation object=].

Note that an X.509 Extension encodes the DER-encoding of the value in an OCTET STRING.
Expand Down

0 comments on commit 73eb670

Please sign in to comment.