add self attestation to U2F Attestation Statement Format, fixes #392
JeffH authored and JeffH committed Jun 5, 2017
1 parent 3f8cd25 commit 894c560
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions index.bs
Expand Up @@ -973,7 +973,7 @@ optionally evidence of [=user consent=] to a specific transaction.

The <dfn>type</dfn> member specifies the type of credential to be created.

The <dfn>algorithm</dfn> member specifies the cryptographic signature algorithm with which the newly generated credential
The <dfn>alg</dfn> member specifies the cryptographic signature algorithm with which the newly generated credential
will be used, and thus also the type of asymmetric key pair to be generated, e.g., RSA or Elliptic Curve.
</div>

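Review bot: the rename of the `<dfn>algorithm</dfn>` member to `<dfn>alg</dfn>` in this hunk is unrelated to the self attestation change named in the commit message ("add self attestation to U2F Attestation Statement Format, fixes #392") and is not mentioned there; either split it into its own commit or call it out in the message. Since this is a Bikeshed definition, also confirm that every `[=algorithm=]` autolink elsewhere in index.bs has been updated to `[=alg=]`, because the build will fail to resolve links to the old term and nothing in this diff shows those references being touched.
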
Expand Down Expand Up @@ -1732,7 +1732,7 @@ template:
client data=], and returns either:
- An error indicating that the attestation is invalid, or
- The attestation type, and the trust path of the attestation. This trust path is either empty (in case of
self-attestation), an identifier of a [=ECDAA-Issuer public key=] (in the case of [=ECDAA=]), or a set of X.509
[=self attestation=]), an identifier of a [=ECDAA-Issuer public key=] (in the case of [=ECDAA=]), or a set of X.509
certificates.

The initial list of specified [=attestation statement formats=] is in [[#defined-attestation-formats]].
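Review bot: turning the plain `self-attestation` into the `[=self attestation=]` autolink is the right fix, but the hyphenated spelling should be grepped for across the whole of index.bs so the term is linked consistently; any remaining unlinked `self-attestation` reads as a different term from the `<dfn>Self Attestation</dfn>` it refers to. The surrounding sentence also sets the expectation that the trust path for self attestation is empty, which the per-format verification procedures need to honour.
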
Expand All @@ -1750,7 +1750,7 @@ WebAuthn supports multiple attestation types:
[[#sec-attestation-privacy]] for futher information.

: <dfn>Self Attestation</dfn>
:: In the case of self attestation, also known as surrogate basic attestation [[UAFProtocol]], the Authenticator doesn't have
:: In the case of [=self attestation=], also known as surrogate basic attestation [[UAFProtocol]], the Authenticator doesn't have
any specific attestation key. Instead it uses the authentication key itself to create the attestation signature.
Authenticators without meaningful protection measures for an attestation private key typically use this attestation type.

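Review bot: the changed line `:: In the case of [=self attestation=], also known as surrogate basic attestation [[UAFProtocol]], ...` autolinks to the `<dfn>Self Attestation</dfn>` defined on the immediately preceding line, so the link points at the term's own definition; plain `self attestation` is the usual style for the first use inside a term's own definition entry. Unrelated but adjacent: `futher` on the unchanged context line above is a typo for `further`.
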
Expand Down Expand Up @@ -1927,7 +1927,7 @@ When registering a new credential, represented by a {{AuthenticatorAttestationRe
the [=attestation data=] contained in |authData|.

12. Assess the attestation trustworthiness using the outputs of the verification procedure in step 10, as follows:
- If self-attestation was used, check if self-attestation is acceptable under [=[RP]=] policy.
- If [=self attestation=] was used, check if [=self attestation=] is acceptable under [=[RP]=] policy.
- If [=ECDAA=] was used, verify that the [=identifier of the ECDAA-Issuer public key=] used is included in the set of
acceptable trust anchors obtained in step 11.
- Otherwise, use the X.509 certificates returned by the verification procedure to verify that the attestation public key
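Review bot: the first bullet of step 12, `If [=self attestation=] was used, check if [=self attestation=] is acceptable under [=[RP]=] policy.`, is the only branch that involves no trust anchor at all, and the step gives the implementer nothing to check beyond "policy"; it would help to state here, in one clause, that self attestation provides no proof of which authenticator model generated the credential (the existing NOTE about treating a credential as one with self attestation already says this), so the policy decision is made with that understanding. Minor wording: "check whether" rather than "check if".
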
Expand All @@ -1943,7 +1943,7 @@ When registering a new credential, represented by a {{AuthenticatorAttestationRe
the registration ceremony.

NOTE: However, if permitted by policy, the [=[RP]=] MAY register the credential ID and credential public key but treat the
credential as one with self-attestation (see [[#sctn-attestation-types]]). If doing so, the [=[RP]=] is asserting there
credential as one with [=self attestation=] (see [[#sctn-attestation-types]]). If doing so, the [=[RP]=] is asserting there
is no cryptographic proof that the [=public key credential=] has been generated by a particular [=authenticator=] model.
See [[FIDOSecRef]] and [[UAFProtocol]] for a more detailed discussion.

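Review bot: the NOTE says the [=[RP]=] MAY register the credential but "treat the credential as one with [=self attestation=]" when the attestation cannot be trusted; it should say whether the RP taking this path must still have verified the attestation signature `sig` (as the packed self attestation verification does, over the concatenation of |authenticatorData| and |clientDataHash| with the credential public key) or whether the credential is simply treated as unattested. As written, an RP could read this as permission to register a credential whose attestation statement failed verification outright, which is a weaker position than genuine self attestation.
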
Expand Down Expand Up @@ -2094,7 +2094,7 @@ implementable by [=authenticators=] with limited resources (e.g., secure element
through an authenticator-specific mechanism (see [[!FIDOEcdaaAlgorithm]]). It sets |alg| to the algorithm of the
[=ECDAA-Issuer public key=] and |ecdaaKeyId| to the [=identifier of the ECDAA-Issuer public key=] (see above).

If self attestation is in use, the authenticator produces |sig| by concatenating |authenticatorData| and |clientDataHash|,
If [=self attestation=] is in use, the authenticator produces |sig| by concatenating |authenticatorData| and |clientDataHash|,
and signing the result using the credential private key. It sets |alg| to the algorithm of the credential private key, and
omits the other fields.

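Review bot: the self attestation signing procedure ends with "sets |alg| to the algorithm of the credential private key, and omits the other fields", which reads as advisory; because the packed verification procedure infers the attestation type purely from the absence of |x5c| and |ecdaaKeyId| ("If neither |x5c| nor |ecdaaKeyId| is present, [=self attestation=] is in use"), this should be normative, e.g. "and MUST NOT include |x5c| or |ecdaaKeyId|". Also state the concatenation order explicitly as |authenticatorData| followed by |clientDataHash| so that the signing and verification descriptions are unambiguous about byte order.
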
Expand All @@ -2117,7 +2117,7 @@ implementable by [=authenticators=] with limited resources (e.g., secure element
ECDAA-Verify with [=ECDAA-Issuer public key=] identified by |ecdaaKeyId| (see [[!FIDOEcdaaAlgorithm]]).
- If successful, return attestation type ECDAA and trust path |ecdaaKeyId|.

If neither |x5c| nor |ecdaaKeyId| is present, self attestation is in use.
If neither |x5c| nor |ecdaaKeyId| is present, [=self attestation=] is in use.
- Validate that |alg| matches the algorithm of the credential private key in |authenticatorData|.
- Verify that |sig| is a valid signature over the concatenation of |authenticatorData| and |clientDataHash| using the
credential public key with |alg|.
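Review bot: the unchanged context line `Validate that |alg| matches the algorithm of the credential private key in |authenticatorData|` is wrong on its face: |authenticatorData| carries the credential public key, and the private key never leaves the authenticator, so this should read "credential public key". Since the adjacent line is being edited anyway, this is the moment to fix it. Separately, the ECDAA bullet above says what to return "If successful" but the visible text does not say that a failed ECDAA-Verify (or a failed |x5c| path) is an error rather than falling through to the self attestation check; make that explicit so a statement that carried a trust path but failed verification is never re-classified as self attestation.
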
Expand Down Expand Up @@ -2402,7 +2402,7 @@ This attestation statement format is used with FIDO U2F authenticators using the
:: fido-u2f

: Attestation types supported
:: Basic
:: Basic, [=self attestation=]

: Syntax
:: The syntax of a FIDO U2F attestation statement is defined as follows:
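Review bot: changing "Attestation types supported" to `Basic, [=self attestation=]` is the only substantive change for #392, but the fido-u2f syntax and verification procedure are not touched in this commit, so a verifier has no specified way to tell a self-attested U2F statement from a Basic one (a U2F registration response always carries an attestation certificate and signature, unlike the packed format where absence of |x5c| signals self attestation). The verification procedure for this format should say how self attestation is recognised (one option, not in this diff, is that the attestation certificate's public key equals the credential public key) and that the returned trust path is then empty, as the generic verification template earlier in the file requires for self attestation.
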
