Bad instructions in Android SafetyNet attestation validation steps

[sbweeden]

In section 8.5 (https://www.w3.org/TR/webauthn/#android-safetynet-attestation) there are validation instructions for the Android SafetyNet Attestation Statement Format.

One of these states:

"Verify that the nonce in the response is identical to the concatenation of authenticatorData and clientDataHash."

This is actually wrong. The nonce actually seems to be:
b64encode(sha256(authenticatorData + clientDataHash));

Please confirm with the Google team first, but that seems to be the needed check to me.

[herrjemand]

https://w3c.github.io/webauthn/#android-safetynet-attestation

Verify that the nonce in the response is identical to the SHA-256 hash of the concatenation of authenticatorData and clientDataHash.

@sbweeden In future please submit issues against the Editorial Draft that located here: https://w3c.github.io/webauthn/

Proposing closing this with "non-issue"

[sbweeden]

I'll concede fair point on the location of the document to review. I won't quite concede on the "non-issue" statement.

The output of a sha256 operation is a byte array. The nonce in the jws payload of the response is a base64 encoded representation of this.

[arnar]

We can indeed clarify that the JWS nonce field is base64 encoded. See #1021