-
-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not use MDS on attfmt "none"? #46
Comments
Any case where the attested credential data has aaguid present could be an authenticator that should be verified to not have an undesirable status listed against it in the MDS, so I think that would be true for "none", but not "self". Note that the MDSMetadata class is implemented as a singleton so initiating an instance doesn't actually cost anything after the first call instantiation. |
@aseigler I now configured my MDS with accesstoken and cacheDir ".\mdscache". It creates the folder sucessfully and stores the mdstoc.jwt in it, but crashes on filenotfound when running GetMetadataStatement("07a9f89c-6407-4594-9d56-621d5f1e358b", true). I think you should be able to replicate by cleaning your cache folder? |
update: I think this parameter should be changed from true -> fromCache? I changed it and it worked. |
I think I am going to move all of the MDS related stuff into the packed attestation area. There are finally real authenticators in MDS now. |
Closed by #63 |
I think you are the best to answer this @aseigler:
My understanding is that MDS is not useful on "none" and "self" so we should not check or initiate the MDS on those formats, correct?
The text was updated successfully, but these errors were encountered: