Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packed Attestation Format #4

Closed
3 of 4 tasks
Spomky opened this issue Jan 28, 2019 · 4 comments
Closed
3 of 4 tasks

Packed Attestation Format #4

Spomky opened this issue Jan 28, 2019 · 4 comments
Assignees
@Spomky
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@Spomky
Copy link
Contributor

Spomky commented Jan 28, 2019
edited
Loading

Q A
Bug report? no
Feature request? yes
BC Break report? no
RFC? / Specification https://www.w3.org/TR/webauthn/#packed-attestation
Version 1.x

Add support for packed attestionation format.

  • Basic (mandatory)
  • AttCA (mandatory)
  • Self Attestation (mandatory)
  • ECDAA (optional) -- Will be done at a later stage
@Spomky Spomky self-assigned this Jan 28, 2019
@Spomky Spomky added the enhancement New feature or request label Jan 28, 2019
@Spomky Spomky mentioned this issue Jan 28, 2019
Closed
4 tasks
@Spomky Spomky added the help wanted Extra attention is needed label Jan 28, 2019
@Spomky Spomky mentioned this issue Jan 29, 2019
Merged
@Spomky Spomky added this to the v1.2 milestone Feb 6, 2019
@francislavoie
Copy link

Thanks for working on this! I'll be following the progress, I'll likely be implementing this in some systems at some point.

I just wanted to bring this up: https://paragonie.com/blog/2018/08/security-concerns-surrounding-webauthn-don-t-implement-ecdaa-yet just in case you weren't aware. Not sure if there's been new developments on the topic since then, I haven't been following the FIDO2 progress in the past few months.

@Spomky
Copy link
Contributor Author

Spomky commented Feb 11, 2019
edited
Loading

Hi @francislavoie,

I read that blog post few months ago (I usually follow what Scott writes).
ECDAA has not moved so far and the spec is still in review so wait and see. This is not a priority for me as no security device use it.
I prefer spend my time on Android SafetyNet/Android Key and TPM attestations.

@Spomky Spomky removed this from the v1.2 milestone Feb 14, 2019
@Spomky Spomky mentioned this issue Feb 18, 2019
Closed
@Spomky
Copy link
Contributor Author

Spomky commented Feb 18, 2019

Done. Available in v1.0 (Basic/AttCa). Self is available in v1.1.
See #27 for ECDAA attestation type follow-up.

@Spomky Spomky closed this as completed Feb 18, 2019
@it-spiderman it-spiderman mentioned this issue Sep 2, 2019
Closed
@Mazecreator Mazecreator mentioned this issue Mar 6, 2020
Closed
@lea-ger lea-ger mentioned this issue Apr 1, 2022
Closed
@github-actions
Copy link
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Spomky Spomky

Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Spomky @francislavoie