Closed Bug 1381575 Opened 7 years ago Closed 7 years ago

WebAuthn: Encode valid AAGUIDs where possible

Categories

(Core :: DOM: Device Interfaces, enhancement, P3)

55 Branch
enhancement


RESOLVED WONTFIX

People

(Reporter: jcj, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [webauthn])

The WebAuthn data structures return an AAGUID field to the relying party. AAGUIDs aren't always available in U2F authenticators - if they exist, they are encoded in the X.509 attestation certificate using OID 1 3 6 1 4 1 45724 1 1 4 (id-fido-gen-ce-aaguid) [1][2].

This ticket should A) decode the AAGUID from the X.509 cert, if it exists, and B) adjust the 'default' code from all-zeroes to whatever the Working Group resolves in the 'what's the default AAGUID?' issue [3].



[1] https://w3c.github.io/webauthn/#packed-attestation
[2] https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-metadata-statement-v1.1-id-20170202.html
[3] https://github.com/w3c/webauthn/issues/506
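
Step A above, sketched as an added example (not Gecko code and not part of the original report): a minimal DER walk that reads the AAGUID from the id-fido-gen-ce-aaguid extension and returns the all-zero default when the extension is absent. The helper names and the skeleton certificate are constructed for illustration, and the code assumes the extension carries a 16-byte OCTET STRING wrapped in the usual extnValue OCTET STRING.

```python
AAGUID_OID = bytes.fromhex("2b0601040182e51c010104")  # DER body of 1.3.6.1.4.1.45724.1.1.4
ZERO_AAGUID = bytes(16)  # the all-zero default mentioned in the bug

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def aaguid_from_cert(cert_der):
    """Return the 16-byte AAGUID from the certificate extension, or zeros."""
    _, cert, _ = read_tlv(cert_der, 0)        # Certificate ::= SEQUENCE
    tbs = children(cert)[0][1]                # tbsCertificate
    for tag, val in children(tbs):
        if tag != 0xA3:                       # extensions are [3] EXPLICIT
            continue
        for _, ext in children(children(val)[0][1]):
            fields = children(ext)            # extnID, [critical], extnValue
            if not fields or fields[0] != (0x06, AAGUID_OID):
                continue
            inner_tag, aaguid, _ = read_tlv(fields[-1][1], 0)
            if fields[-1][0] != 0x04 or inner_tag != 0x04 or len(aaguid) != 16:
                raise ValueError("malformed AAGUID extension")
            return aaguid
    return ZERO_AAGUID

def tlv(tag, body):  # short-form encoder, used only to build the sample below
    return bytes([tag, len(body)]) + body

SAMPLE_AAGUID = bytes(range(1, 17))           # constructed value
sample_ext = tlv(0x30, tlv(0x06, AAGUID_OID) + tlv(0x04, tlv(0x04, SAMPLE_AAGUID)))
SAMPLE_CERT = tlv(0x30, tlv(0x30, tlv(0xA3, tlv(0x30, sample_ext))))  # unsigned skeleton
```

The skeleton contains only the extensions field, so it exercises the walk but is not a valid certificate; a real attestation certificate passes through the same path because the other tbsCertificate fields are skipped by tag.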
Priority: -- → P3
The working group decided to define that all U2F devices' AAGUIDs should be zero, so this is now a WONTFIX; there's nothing to do in Gecko until we support non-U2F devices.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX