Server-ServerAuthenticatorAttestationResponse-Resp-9 P-1 & P-2 aikCert subject #395

Closed
aseigler opened this issue Sep 18, 2018 · 2 comments

@aseigler

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email [email protected]

What protocol and version of the protocol are you testing?

FIDO2

What is your implementation class?

Server

What is the version of the tool you are using?

v0.10.109

What is the OS and the version you are running?

Windows 10

Issue description

Server-ServerAuthenticatorAttestationResponse-Resp-9 Test server processing "tpm" attestation

P-1 Send a valid ServerAuthenticatorAttestationResponse with "tpm" attestation for SHA-256, and check that server succeeds
P-2 Send a valid ServerAuthenticatorAttestationResponse with "tpm" attestation for SHA-1, and check that server succeeds

Test sends an aikCert with subject set to string "TPMVersion=id:13 + TPMModel=NPCT6xx + TPMManufacturer=id:FFFFF1D0"; the spec at https://www.w3.org/TR/webauthn/#tpm-cert-requirements indicates "Subject field MUST be set to empty."

@aseigler
Author

Upon further review, I believe spec should read "Subject Name field MUST be set to empty" as subject and subject name are two different fields. Every TPM EK has a subject like the one the test sends. I think you are good here.

@yackermann
Collaborator

@aseigler Sorry, was just going to answer this one. Per RFC 5280, a certificate MUST contain a subject sequence. It is not mandated for the sequence to contain any elements, so following those requirements the AIK will just have an empty sequence.
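
The check discussed in this thread, as an added example that is not part of the original issue or of the conformance tool: a standard-library DER walk that counts the RDNs in a certificate's subject, where an empty subject is a present but zero-length SEQUENCE (`30 00`). The function names and sample bytes are constructed for illustration; the skeleton certificate is unsigned and only reproduces the RFC 5280 field order.

```python
# Added example: standard-library DER walk to test whether an X.509 subject is empty.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split a constructed value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def subject_rdn_count(cert_der):
    """Number of RDNs in the subject Name; 0 means an empty SEQUENCE (DER 30 00)."""
    tag, cert_body, _ = read_tlv(cert_der, 0)            # Certificate
    top = children(cert_body)
    if tag != 0x30 or not top or top[0][0] != 0x30:
        raise ValueError("not a Certificate/TBSCertificate SEQUENCE")
    fields = children(top[0][1])                         # TBSCertificate fields
    if fields and fields[0][0] == 0xA0:                  # optional [0] EXPLICIT version
        fields = fields[1:]
    # Remaining order: serialNumber, signature, issuer, validity, subject, ...
    if len(fields) < 5 or fields[4][0] != 0x30:
        raise ValueError("subject SEQUENCE missing")     # the field itself must be present
    rdns = children(fields[4][1])
    if any(t != 0x31 for t, _ in rdns):
        raise ValueError("subject RDN is not a SET")
    return len(rdns)

def tlv(tag, body=b""):
    """Encode a short-form TLV (enough for the constructed samples below)."""
    return bytes([tag, len(body)]) + body

def sample_cert(subject):
    """Constructed skeleton in RFC 5280 field order; not a real or signed certificate."""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30)
              + NAMED + tlv(0x30) + subject + tlv(0x30))
    return tlv(0x30, tbs + tlv(0x30) + tlv(0x03, b"\x00"))

# Constructed one-RDN Name: CN=Constructed CA (OID 2.5.4.3, UTF8String)
NAMED = tlv(0x30, tlv(0x31, tlv(0x30, b"\x06\x03\x55\x04\x03" + tlv(0x0C, b"Constructed CA"))))
EMPTY = tlv(0x30)                                        # the two bytes 30 00
```

A server enforcing the quoted requirement would accept an aikCert only when `subject_rdn_count` returns 0, and treat a `ValueError` as a malformed certificate.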
