Hi Brandon,
So, you are registering the challenge "device-attest-01", but your draft is
very specific to WebAuthn, and excludes any other attestation technology.
Request: could you either rename your draft to "webauthn-attest-01", or if
you're willing to broaden the scope of your draft, then I think the obvious
way would be to add a "type" field to POST /acme/chall :
    "payload": base64url({"type": "webauthn",
                          "attObj": base64url(/* WebAuthn attestation object */),
... then continue your WebAuthn draft as you are.
At least then it would be extensible to accept other attestation evidence
formats in the future - we'd have to debate whether we need a new registry
for those "type" values; or whether there already exists a suitable registry
that we could piggy-back on.
- - -
Mike Ounsworth
Software Security Architect
(pronouns: he/him)
_______________________________________________
Acme mailing list -- [email protected]
To unsubscribe send an email to [email protected]
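The typed payload proposed in the message above, shown from both the client and the server side as an added example; it is not part of the original message or of any draft. The names `EVIDENCE_HANDLERS`, `extract_webauthn`, `parse_challenge_payload` and `build_payload` are hypothetical, the allow-list stands in for whatever registry of "type" values is eventually chosen, and the evidence bytes are constructed.

```python
import base64
import json
import re

B64URL_RE = re.compile(r"[A-Za-z0-9_-]*")

def b64url_encode(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses for binary fields."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    """Strict decode: RFC 8555 section 6.1 requires rejecting '=' padding."""
    if not isinstance(text, str) or not B64URL_RE.fullmatch(text):
        raise ValueError("not unpadded base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def extract_webauthn(fields: dict) -> bytes:
    """Hypothetical handler: returns the raw attestation object bytes
    that a real WebAuthn verifier would then validate."""
    att_obj = b64url_decode(fields.get("attObj"))
    if not att_obj:
        raise ValueError("empty attObj")
    return att_obj

# Allow-list standing in for the registry of "type" values (hypothetical).
EVIDENCE_HANDLERS = {"webauthn": extract_webauthn}

def parse_challenge_payload(payload_b64: str):
    """Decode the challenge payload and dispatch on "type"; fail closed."""
    obj = json.loads(b64url_decode(payload_b64))
    if not isinstance(obj, dict):
        raise ValueError("payload must be a JSON object")
    ev_type = obj.get("type")
    if not isinstance(ev_type, str) or ev_type not in EVIDENCE_HANDLERS:
        raise ValueError("unsupported attestation type")
    return ev_type, EVIDENCE_HANDLERS[ev_type](obj)

def build_payload(ev_type: str, evidence: bytes) -> str:
    """Client side: wrap evidence in the typed payload from the message."""
    body = {"type": ev_type, "attObj": b64url_encode(evidence)}
    return b64url_encode(json.dumps(body).encode("utf-8"))

# Constructed sample bytes, not a real WebAuthn attestation object.
SAMPLE_EVIDENCE = b"\xa3constructed-sample-evidence"

if __name__ == "__main__":
    print(parse_challenge_payload(build_payload("webauthn", SAMPLE_EVIDENCE)))
```

Supporting another evidence format then means adding one entry to the allow-list, while an unregistered or malformed "type" is rejected before any evidence is parsed.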
