Display OIDs consistently

w3c · Oct 28, 2020 · 7f8fe06 · 7f8fe06
1 parent 87ca0fe
commit 7f8fe06
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/index.bs b/index.bs
@@ -4729,7 +4729,7 @@ implementable by [=authenticators=] with limited resources (e.g., secure element
             - Verify that |sig| is a valid signature over the concatenation of |authenticatorData| and |clientDataHash| using the
                 attestation public key in |attestnCert| with the algorithm specified in |alg|.
             - Verify that |attestnCert| meets the requirements in [[#sctn-packed-attestation-cert-requirements]].
-            - If |attestnCert| contains an extension with OID 1.3.6.1.4.1.45724.1.1.4 (`id-fido-gen-ce-aaguid`) verify that the
+            - If |attestnCert| contains an extension with OID `1.3.6.1.4.1.45724.1.1.4` (`id-fido-gen-ce-aaguid`) verify that the
                 value of this extension matches the <code>[=aaguid=]</code> in |authenticatorData|.
             - Optionally, inspect |x5c| and consult externally provided knowledge to determine whether |attStmt| conveys a
                 [=Basic=] or [=AttCA=] attestation.
@@ -4760,7 +4760,7 @@ The attestation certificate MUST have the following fields/extensions:
     :: A UTF8String of the vendor's choosing
 
 - If the related attestation root certificate is used for multiple authenticator models, the Extension OID
-    1.3.6.1.4.1.45724.1.1.4 (`id-fido-gen-ce-aaguid`) MUST be present, containing the AAGUID as a 16-byte OCTET STRING.
+    `1.3.6.1.4.1.45724.1.1.4` (`id-fido-gen-ce-aaguid`) MUST be present, containing the AAGUID as a 16-byte OCTET STRING.
     The extension MUST NOT be marked as critical.
 
     Note that an X.509 Extension encodes the DER-encoding of the value in an OCTET STRING.
@@ -4878,7 +4878,7 @@ engine.
     - Verify the |sig| is a valid signature over |certInfo| using the attestation public key in |aikCert| with the
         algorithm specified in |alg|.
     - Verify that |aikCert| meets the requirements in [[#sctn-tpm-cert-requirements]].
-    - If |aikCert| contains an extension with OID `1 3 6 1 4 1 45724 1 1 4` (id-fido-gen-ce-aaguid) verify that the value of this
+    - If |aikCert| contains an extension with OID `1.3.6.1.4.1.45724.1.1.4` (`id-fido-gen-ce-aaguid`) verify that the value of this
         extension matches the <code>[=aaguid=]</code> in |authenticatorData|.
     - If successful, return implementation-specific values representing [=attestation type=] [=AttCA=] and [=attestation trust
         path=] |x5c|.
@@ -4977,7 +4977,7 @@ the attestation=] is consistent with the fields of the attestation certificate's
 ### Android Key Attestation Statement Certificate Requirements ### {#sctn-key-attstn-cert-requirements}
 
 Android Key Attestation [=attestation certificate=]'s <dfn>android key attestation certificate extension
-data</dfn> is identified by the OID "1.3.6.1.4.1.11129.2.1.17", and its schema is defined in the [Android developer documentation](https://developer.android.com/training/articles/security-key-attestation#certificate_schema).
+data</dfn> is identified by the OID `1.3.6.1.4.1.11129.2.1.17`, and its schema is defined in the [Android developer documentation](https://developer.android.com/training/articles/security-key-attestation#certificate_schema).
 
 ## Android SafetyNet Attestation Statement Format ## {#sctn-android-safetynet-attestation}
 
@@ -5189,15 +5189,15 @@ This attestation statement format is exclusively used by Apple for certain types
     1. Let |authenticatorData| denote the authenticator data for the attestation, and let |clientDataHash| denote the [=hash of the serialized client data=].
     2. Concatenate |authenticatorData| and |clientDataHash| to form |nonceToHash|.
     3. Perform SHA-256 hash of |nonceToHash| to produce |nonce|.
-    4. Let Apple anonymous attestation CA generate an X.509 certificate for the [=credential public key=] and include the |nonce| as a certificate extension with OID ( 1.2.840.113635.100.8.2 ). |credCert| denotes this certificate. The |credCert| thus serves as a proof of the attestation, and the included |nonce| proves the attestation is live. In addition to that, the |nonce| also protects the integrity of the |authenticatorData| and [=client data=].
+    4. Let Apple anonymous attestation CA generate an X.509 certificate for the [=credential public key=] and include the |nonce| as a certificate extension with OID `1.2.840.113635.100.8.2`. |credCert| denotes this certificate. The |credCert| thus serves as a proof of the attestation, and the included |nonce| proves the attestation is live. In addition to that, the |nonce| also protects the integrity of the |authenticatorData| and [=client data=].
     5. Set |x5c| to |credCert| followed by its certificate chain.
 
 : Verification procedure
 :: Given the verification procedure inputs |attStmt|, |authenticatorData| and |clientDataHash|, the verification procedure is as follows:
     1. Verify that |attStmt| is valid CBOR conforming to the syntax defined above and perform CBOR decoding on it to extract the contained fields.
     2. Concatenate |authenticatorData| and |clientDataHash| to form |nonceToHash|.
     3. Perform SHA-256 hash of |nonceToHash| to produce |nonce|.
-    4. Verify that |nonce| equals the value of the extension with OID ( 1.2.840.113635.100.8.2 ) in |credCert|.
+    4. Verify that |nonce| equals the value of the extension with OID `1.2.840.113635.100.8.2` in |credCert|.
     5. Verify that the [=credential public key=] equals the Subject Public Key of |credCert|.
     6. If successful, return implementation-specific values representing attestation type [=Anonymization CA=] and attestation trust path |x5c|.