Do not use MDS on attfmt "none"? #46
Comments
|
Any case where the attested credential data has aaguid present could be an authenticator that should be verified to not have an undesirable status listed against it in the MDS, so I think that would be true for "none", but not "self". Note that the MDSMetadata class is implemented as a singleton so initiating an instance doesn't actually cost anything after the first call instantiation. |
|
@aseigler I now configured my MDS with accesstoken and cacheDir ".\mdscache". It creates the folder sucessfully and stores the mdstoc.jwt in it, but crashes on filenotfound when running GetMetadataStatement("07a9f89c-6407-4594-9d56-621d5f1e358b", true). I think you should be able to replicate by cleaning your cache folder? |
|
update: I think this parameter should be changed from true -> fromCache? I changed it and it worked. |
abergs
changed the title
|
I think I am going to move all of the MDS related stuff into the packed attestation area. There are finally real authenticators in MDS now. |
|
Closed by #63 |
I think you are the best to answer this @aseigler:
My understanding is that MDS is not useful on "none" and "self" so we should not check or initiate the MDS on those formats, correct?
The text was updated successfully, but these errors were encountered: