From 7fdfb35ac78562da26339e283ad3d6bd90305467 Mon Sep 17 00:00:00 2001 From: Shane Weeden <sbweeden@users.noreply.github.com> Date: Wed, 13 Nov 2024 20:19:23 +0000 Subject: [PATCH] Merge pull request #2193 from mwiseman-byid/main SHA: 0633494704a6319cdfd7b03fb8ff782e01e5b481 Reason: push, by sbweeden Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- index.html | 82 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 46 insertions(+), 36 deletions(-) diff --git a/index.html b/index.html index c10f63c13..a252e4ed9 100644 --- a/index.html +++ b/index.html @@ -6,7 +6,7 @@ <meta content="ED" name="w3c-status"> <meta content="Bikeshed version 742f3d674, updated Mon Nov 4 14:56:54 2024 -0800" name="generator"> <link href="https://www.w3.org/TR/webauthn-3/" rel="canonical"> - <meta content="92e101570d4b1f06121b3f7d3215cc68e5da4019" name="revision"> + <meta content="0633494704a6319cdfd7b03fb8ff782e01e5b481" name="revision"> <meta content="dark light" name="color-scheme"> <style type="text/css"> body { 
@@ -6816,8 +6816,10 @@ <h3 class="heading settled" data-level="8.3" id="sctn-tpm-attestation"><span cla <p>Generate a signature using the procedure specified in <a data-link-type="biblio" href="#biblio-tpmv2-part3" title="Trusted Platform Module Library, Part 3: Commands">[TPMv2-Part3]</a> Section 18.2, using the attestation private key and setting the <code>extraData</code> parameter to the digest of <var>attToBeSigned</var> using the hash algorithm corresponding to the "alg" signature algorithm. (For the "RS256" algorithm, this would be a SHA-256 digest.)</p> - <p>Set the <var>pubArea</var> field to the public area of the credential public key, the <var>certInfo</var> field to the output parameter of the -same name, and the <var>sig</var> field to the signature obtained from the above procedure.</p> + <p>Set the <var>pubArea</var> field to the public area of the credential public key (the TPMT_PUBLIC structure), the <var>certInfo</var> field (the TPMS_ATTEST structure) +to the output parameter of the same name, and the <var>sig</var> field to the signature obtained from the above procedure.</p> + <p class="note" role="note"><span class="marker">Note:</span> If the <var>pubArea</var> is read from the TPM using the TPM2_ReadPublic command, that command returns a TPM2B_PUBLIC structure. TPM2B_PUBLIC +is two bytes of length followed by the TPMT_PUBLIC structure. The two bytes of length must be removed prior to putting this into the <var>pubArea</var>.</p> <dt data-md>Verification procedure <dd data-md> <p>Given the <a data-link-type="dfn" href="#verification-procedure-inputs" id="ref-for-verification-procedure-inputs①">verification procedure inputs</a> <var>attStmt</var>, <var>authenticatorData</var> and <var>clientDataHash</var>, the <a data-link-type="dfn" href="#verification-procedure" id="ref-for-verification-procedure⑧">verification procedure</a> is 
@@ -6826,31 +6828,36 @@ <h3 class="heading settled" data-level="8.3" id="sctn-tpm-attestation"><span cla contained fields.</p> <p>Verify that the public key specified by the <code>parameters</code> and <code>unique</code> fields of <var>pubArea</var> is identical to the <code><a data-link-type="dfn" href="#authdata-attestedcredentialdata-credentialpublickey" id="ref-for-authdata-attestedcredentialdata-credentialpublickey⑦">credentialPublicKey</a></code> in the <code><a data-link-type="dfn" href="#authdata-attestedcredentialdata" id="ref-for-authdata-attestedcredentialdata⑧">attestedCredentialData</a></code> in <var>authenticatorData</var>.</p> <p>Concatenate <var>authenticatorData</var> and <var>clientDataHash</var> to form <var>attToBeSigned</var>.</p> - <p>Validate that <var>certInfo</var> is valid:</p> + <p>Verify integrity of <var>certInfo</var></p> <ul> - <li data-md> - <p>Verify that <code>magic</code> is set to <code>TPM_GENERATED_VALUE</code>.</p> - <li data-md> - <p>Verify that <code>type</code> is set to <code>TPM_ST_ATTEST_CERTIFY</code>.</p> - <li data-md> - <p>Verify that <code>extraData</code> is set to the hash of <var>attToBeSigned</var> using the hash algorithm employed in "alg".</p> - <li data-md> - <p>Verify that <code>attested</code> contains a <code>TPMS_CERTIFY_INFO</code> structure as specified in <a data-link-type="biblio" href="#biblio-tpmv2-part2" title="Trusted Platform Module Library, Part 2: Structures">[TPMv2-Part2]</a> section 10.12.3, -whose <code>name</code> field contains a valid Name for <var>pubArea</var>, -as computed using the procedure specified in <a data-link-type="biblio" href="#biblio-tpmv2-part1" title="Trusted Platform Module Library, Part 1: Architecture">[TPMv2-Part1]</a> section 16. 
Note that the hash algorithm is included within the attested <code>name</code> field of the TPMS_CERTIFY_INFO structure.</p> <li data-md> <p>Verify that <var>x5c</var> is present.</p> <li data-md> - <p>Note that the remaining fields in the "Standard Attestation Structure" <a data-link-type="biblio" href="#biblio-tpmv2-part1" title="Trusted Platform Module Library, Part 1: Architecture">[TPMv2-Part1]</a> section 31.2, i.e., <code>qualifiedSigner</code>, <code>clockInfo</code> and <code>firmwareVersion</code> are ignored. -These fields MAY be used as an input to risk engines.</p> + <p>Verify that <var>aikCert</var> meets the requirements in <a href="#sctn-tpm-cert-requirements">§ 8.3.1 TPM Attestation Statement Certificate Requirements</a>.</p> + <li data-md> + <p>If <var>aikCert</var> contains an extension with OID <code>1.3.6.1.4.1.45724.1.1.4</code> (<code>id-fido-gen-ce-aaguid</code>) verify that the value of this +extension matches the <code><a data-link-type="dfn" href="#authdata-attestedcredentialdata-aaguid" id="ref-for-authdata-attestedcredentialdata-aaguid⑥">aaguid</a></code> in <var>authenticatorData</var>.</p> <li data-md> <p>Verify the <var>sig</var> is a valid signature over <var>certInfo</var> using the attestation public key in <var>aikCert</var> with the algorithm specified in <var>alg</var>.</p> + </ul> + <p>Validate that <var>certInfo</var> is valid: +Note: <var>certInfo</var> is a TPMS_ATTEST structure.</p> + <ul> <li data-md> - <p>Verify that <var>aikCert</var> meets the requirements in <a href="#sctn-tpm-cert-requirements">§ 8.3.1 TPM Attestation Statement Certificate Requirements</a>.</p> + <p>Verify that <code>magic</code> is set to <code>TPM_GENERATED_VALUE</code>.</p> <li data-md> - <p>If <var>aikCert</var> contains an extension with OID <code>1.3.6.1.4.1.45724.1.1.4</code> (<code>id-fido-gen-ce-aaguid</code>) verify that the value of this -extension matches the <code><a data-link-type="dfn" href="#authdata-attestedcredentialdata-aaguid" 
id="ref-for-authdata-attestedcredentialdata-aaguid⑥">aaguid</a></code> in <var>authenticatorData</var>.</p> + <p>Verify that <code>type</code> is set to <code>TPM_ST_ATTEST_CERTIFY</code>.</p> + <li data-md> + <p>Verify that <code>extraData</code> is set to the hash of <var>attToBeSigned</var> using the hash algorithm employed in "alg".</p> + <li data-md> + <p>Verify that <code>attested</code> contains a <code>TPMS_CERTIFY_INFO</code> structure as specified in <a data-link-type="biblio" href="#biblio-tpmv2-part2" title="Trusted Platform Module Library, Part 2: Structures">[TPMv2-Part2]</a> section 10.12.3, +whose <code>name</code> field contains a valid Name for <var>pubArea</var>, as computed using the procedure specified in <a data-link-type="biblio" href="#biblio-tpmv2-part1" title="Trusted Platform Module Library, Part 1: Architecture">[TPMv2-Part1]</a> section 16 using the nameAlg in the <var>pubArea</var>.</p> + <p class="note" role="note"><span class="marker">Note:</span> The TPM will always return TPMS_CERTIFY_INFO structure with the same nameAlg in the <code>name</code> as the nameAlg +in <var>pubArea</var>.</p> + <p class="note" role="note"><span class="marker">Note:</span> The remaining fields in the "Standard Attestation Structure" <a data-link-type="biblio" href="#biblio-tpmv2-part1" title="Trusted Platform Module Library, Part 1: Architecture">[TPMv2-Part1]</a> section 31.2, i.e., <code>qualifiedSigner</code>, <code>clockInfo</code> and <code>firmwareVersion</code> are ignored. +Depending on the properties of the <var>aikCert</var> key used, these fields may be obfuscated. 
+If valid, these MAY be used as an input to risk engines.</p> <li data-md> <p>If successful, return implementation-specific values representing <a data-link-type="dfn" href="#attestation-type" id="ref-for-attestation-type①⑨">attestation type</a> <a data-link-type="dfn" href="#attca" id="ref-for-attca⑥">AttCA</a> and <a data-link-type="dfn" href="#attestation-trust-path" id="ref-for-attestation-trust-path⑤">attestation trust path</a> <var>x5c</var>.</p> @@ -6865,6 +6872,9 @@ <h4 class="heading settled" data-level="8.3.1" id="sctn-tpm-cert-requirements">< <p>Subject field MUST be set to empty.</p> <li data-md> <p>The Subject Alternative Name extension MUST be set as defined in <a data-link-type="biblio" href="#biblio-tpmv2-ek-profile" title="TCG EK Credential Profile for TPM Family 2.0">[TPMv2-EK-Profile]</a> section 3.2.9.</p> + <p class="note" role="note"><span class="marker">Note:</span> Previous versions of <a data-link-type="biblio" href="#biblio-tpmv2-ek-profile" title="TCG EK Credential Profile for TPM Family 2.0">[TPMv2-EK-Profile]</a> allowed the inclusion of an optional attribute, + called HardwareModuleName, that contains the TPM serial number in the EK certificate. + HardwareModuleName SHOULD NOT be placed in in the <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate⑦">attestation certificate</a> Subject Alternative Name.</p> <li data-md> <p>The Extended Key Usage extension MUST contain the OID <code>2.23.133.8.3</code> ("joint-iso-itu-t(2) internationalorganizations(23) 133 tcg-kp(8) tcg-kp-AIKCertificate(3)").</p> <li data-md> 
@@ -6926,7 +6936,7 @@ <h3 class="heading settled" data-level="8.4" id="sctn-android-key-attestation">< <li data-md> <p>Verify that the public key in the first certificate in <var>x5c</var> matches the <code><a data-link-type="dfn" href="#authdata-attestedcredentialdata-credentialpublickey" id="ref-for-authdata-attestedcredentialdata-credentialpublickey⑧">credentialPublicKey</a></code> in the <code><a data-link-type="dfn" href="#authdata-attestedcredentialdata" id="ref-for-authdata-attestedcredentialdata⑨">attestedCredentialData</a></code> in <var>authenticatorData</var>.</p> <li data-md> - <p>Verify that the <code>attestationChallenge</code> field in the <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate⑦">attestation certificate</a> <a data-link-type="dfn" href="#android-key-attestation-certificate-extension-data" id="ref-for-android-key-attestation-certificate-extension-data">extension data</a> is identical to <var>clientDataHash</var>.</p> + <p>Verify that the <code>attestationChallenge</code> field in the <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate⑧">attestation certificate</a> <a data-link-type="dfn" href="#android-key-attestation-certificate-extension-data" id="ref-for-android-key-attestation-certificate-extension-data">extension data</a> is identical to <var>clientDataHash</var>.</p> <li data-md> <p>Verify the following using the appropriate authorization list from the attestation certificate <a data-link-type="dfn" href="#android-key-attestation-certificate-extension-data" id="ref-for-android-key-attestation-certificate-extension-data①">extension data</a>:</p> <ul> 
@@ -6949,7 +6959,7 @@ <h3 class="heading settled" data-level="8.4" id="sctn-android-key-attestation">< </ul> </dl> <h4 class="heading settled" data-level="8.4.1" id="sctn-key-attstn-cert-requirements"><span class="secno">8.4.1. </span><span class="content">Android Key Attestation Statement Certificate Requirements</span><a class="self-link" href="#sctn-key-attstn-cert-requirements"></a></h4> - <p>Android Key Attestation <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate⑧">attestation certificate</a>'s <dfn class="dfn-paneled" data-dfn-type="dfn" data-lt="android key attestation certificate extension data" data-noexport id="android-key-attestation-certificate-extension-data">android key attestation certificate extension + <p>Android Key Attestation <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate⑨">attestation certificate</a>'s <dfn class="dfn-paneled" data-dfn-type="dfn" data-lt="android key attestation certificate extension data" data-noexport id="android-key-attestation-certificate-extension-data">android key attestation certificate extension data</dfn> is identified by the OID <code>1.3.6.1.4.1.11129.2.1.17</code>, and its schema is defined in the <a href="https://developer.android.com/training/articles/security-key-attestation#certificate_schema">Android developer documentation</a>.</p> <h3 class="heading settled" data-level="8.5" id="sctn-android-safetynet-attestation"><span class="secno">8.5. </span><span class="content">Android SafetyNet Attestation Statement Format</span><a class="self-link" href="#sctn-android-safetynet-attestation"></a></h3> <p class="note" role="note"><span class="marker">Note:</span> This format is deprecated and is expected to be removed in a future revision of this document.</p> 
@@ -8864,11 +8874,11 @@ <h4 class="heading settled" data-level="13.3.1" id="sctn-cert-hierarchy"><span c SHOULD be specified in the attestation certificate itself, so that it can be verified against the <a data-link-type="dfn" href="#authenticator-data" id="ref-for-authenticator-data⑤⑧">authenticator data</a>.</p> <h4 class="heading settled" data-level="13.3.2" id="sctn-ca-compromise"><span class="secno">13.3.2. </span><span class="content">Attestation Certificate and Attestation Certificate CA Compromise</span><a class="self-link" href="#sctn-ca-compromise"></a></h4> <p>When an intermediate CA or a root CA used for issuing attestation certificates is compromised, <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator①③">WebAuthn Authenticator</a> <a data-link-type="dfn" href="#attestation-key-pair" id="ref-for-attestation-key-pair⑥">attestation key pairs</a> are still safe although their certificates can no longer be trusted. A <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator①④">WebAuthn Authenticator</a> manufacturer that -has recorded the <a data-link-type="dfn" href="#attestation-public-key" id="ref-for-attestation-public-key①">attestation public keys</a> for their <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator②⑧③">authenticator</a> models can issue new <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate⑨">attestation certificates</a> for these keys from a new +has recorded the <a data-link-type="dfn" href="#attestation-public-key" id="ref-for-attestation-public-key①">attestation public keys</a> for their <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator②⑧③">authenticator</a> models can issue new <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⓪">attestation certificates</a> for these keys from a new intermediate CA or from a new root CA. 
If the root CA changes, the <a data-link-type="dfn" href="#webauthn-relying-party" id="ref-for-webauthn-relying-party⑥⑦">WebAuthn Relying Parties</a> MUST update their trusted root certificates accordingly.</p> - <p>A <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator①⑤">WebAuthn Authenticator</a> <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⓪">attestation certificate</a> MUST be revoked by the issuing CA if its <a data-link-type="dfn" href="#attestation-private-key" id="ref-for-attestation-private-key④">private key</a> has been compromised. A WebAuthn -Authenticator manufacturer may need to ship a firmware update and inject new <a data-link-type="dfn" href="#attestation-private-key" id="ref-for-attestation-private-key⑤">attestation private keys</a> and <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①①">certificates</a> into already + <p>A <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator①⑤">WebAuthn Authenticator</a> <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①①">attestation certificate</a> MUST be revoked by the issuing CA if its <a data-link-type="dfn" href="#attestation-private-key" id="ref-for-attestation-private-key④">private key</a> has been compromised. A WebAuthn +Authenticator manufacturer may need to ship a firmware update and inject new <a data-link-type="dfn" href="#attestation-private-key" id="ref-for-attestation-private-key⑤">attestation private keys</a> and <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①②">certificates</a> into already manufactured <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator①⑥">WebAuthn Authenticators</a>, if the exposure was due to a firmware flaw. (The process by which this happens is out of scope for this specification.) 
If the <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator①⑦">WebAuthn Authenticator</a> manufacturer does not have this capability, then it may not be possible for <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party③④③">Relying Parties</a> to trust any further <a data-link-type="dfn" href="#attestation-statement" id="ref-for-attestation-statement④⓪">attestation statements</a> from the affected <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator①⑧">WebAuthn Authenticators</a>.</p> 
@@ -8934,10 +8944,10 @@ <h4 class="heading settled" data-level="13.4.4" id="sctn-attestation-limitations <p class="note" role="note"><span class="marker">Note:</span> All variants of <a data-link-type="dfn" href="https://tools.ietf.org/html/rfc4949#page-186" id="ref-for-page-186⑤">man-in-the-middle attacks</a> described above are more difficult for an attacker to mount than a <a data-link-type="dfn" href="https://tools.ietf.org/html/rfc4949#page-186" id="ref-for-page-186⑥">man-in-the-middle attack</a> against conventional password authentication.</p> <h4 class="heading settled" data-level="13.4.5" id="sctn-revoked-attestation-certificates"><span class="secno">13.4.5. </span><span class="content">Revoked Attestation Certificates</span><a class="self-link" href="#sctn-revoked-attestation-certificates"></a></h4> - <p>If <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①②">attestation certificate</a> validation fails due to a revoked intermediate attestation CA certificate, and the <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party③⑥⑥">Relying Party</a>'s policy + <p>If <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①③">attestation certificate</a> validation fails due to a revoked intermediate attestation CA certificate, and the <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party③⑥⑥">Relying Party</a>'s policy requires rejecting the registration/authentication request in these situations, then it is RECOMMENDED that the <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party③⑥⑦">Relying Party</a> also un-registers (or marks with a trust level equivalent to "<a data-link-type="dfn" href="#self-attestation" id="ref-for-self-attestation②⓪">self attestation</a>") <a data-link-type="dfn" href="#public-key-credential" id="ref-for-public-key-credential⑥②">public key credentials</a> that were registered -after the CA compromise date 
using an <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①③">attestation certificate</a> chaining up to the same intermediate CA. It is thus RECOMMENDED +after the CA compromise date using an <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①④">attestation certificate</a> chaining up to the same intermediate CA. It is thus RECOMMENDED that <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party③⑥⑧">Relying Parties</a> remember intermediate attestation CA certificates during <a data-link-type="dfn" href="#registration" id="ref-for-registration②③">registration</a> in order to un-register related <a data-link-type="dfn" href="#public-key-credential" id="ref-for-public-key-credential⑥③">public key credentials</a> if the <a data-link-type="dfn" href="#registration" id="ref-for-registration②④">registration</a> was performed after revocation of such certificates.</p> <p>See also the related security consideration for <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator②⑨⑧">authenticators</a> in <a href="#sctn-ca-compromise">§ 13.3.2 Attestation Certificate and Attestation Certificate CA Compromise</a>.</p> 
@@ -9084,7 +9094,7 @@ <h3 class="heading settled" data-level="14.2" id="sctn-non-correlatable-credenti not correlatable as belonging to the same user. A pair of malicious <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party④⓪④">Relying Parties</a> thus cannot correlate users between their systems without additional information, e.g., a willfully reused username or e-mail address.</p> <li data-md> - <p><a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③①④">Authenticators</a> ensure that their <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①④">attestation certificates</a> are not unique enough to identify a single <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③①⑤">authenticator</a> or a small group of <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③①⑥">authenticators</a>. This is detailed further in <a href="#sctn-attestation-privacy">§ 14.4.1 Attestation Privacy</a>. A pair of malicious <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party④⓪⑤">Relying Parties</a> thus cannot correlate users between their systems by tracking individual <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③①⑦">authenticators</a>.</p> + <p><a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③①④">Authenticators</a> ensure that their <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑤">attestation certificates</a> are not unique enough to identify a single <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③①⑤">authenticator</a> or a small group of <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③①⑥">authenticators</a>. This is detailed further in <a href="#sctn-attestation-privacy">§ 14.4.1 Attestation Privacy</a>. 
A pair of malicious <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party④⓪⑤">Relying Parties</a> thus cannot correlate users between their systems by tracking individual <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③①⑦">authenticators</a>.</p> </ul> <p>Additionally, a <a data-link-type="dfn" href="#client-side-discoverable-public-key-credential-source" id="ref-for-client-side-discoverable-public-key-credential-source⑧">client-side discoverable public key credential source</a> can optionally include a <a data-link-type="dfn" href="#user-handle" id="ref-for-user-handle②⑥">user handle</a> specified by the <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party④⓪⑥">Relying Party</a>. The <a data-link-type="dfn" href="#public-key-credential" id="ref-for-public-key-credential⑦⑥">credential</a> can then be used to both identify and <a data-link-type="dfn" href="#authentication" id="ref-for-authentication①⑥">authenticate</a> the user. 
@@ -9100,24 +9110,24 @@ <h3 class="heading settled" data-level="14.3" id="sctn-biometric-privacy"><span instead of revealing the biometric data itself to the <a data-link-type="dfn" href="#relying-party" id="ref-for-relying-party④①③">Relying Party</a>.</p> <h3 class="heading settled" data-level="14.4" id="sctn-privacy-considerations-authenticator"><span class="secno">14.4. </span><span class="content">Privacy considerations for <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③①⑨">authenticators</a></span><a class="self-link" href="#sctn-privacy-considerations-authenticator"></a></h3> <h4 class="heading settled" data-level="14.4.1" id="sctn-attestation-privacy"><span class="secno">14.4.1. </span><span class="content">Attestation Privacy</span><a class="self-link" href="#sctn-attestation-privacy"></a></h4> - <p><a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑤">Attestation certificates</a> and <a data-link-type="dfn" href="#attestation-key-pair" id="ref-for-attestation-key-pair⑦">attestation key pairs</a> can be used to track users + <p><a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑥">Attestation certificates</a> and <a data-link-type="dfn" href="#attestation-key-pair" id="ref-for-attestation-key-pair⑦">attestation key pairs</a> can be used to track users or link various online identities of the same user together. 
This can be mitigated in several ways, including:</p> <ul> <li data-md> <p>A <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator①⑨">WebAuthn Authenticator</a> manufacturer may choose to ship <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③②⓪">authenticators</a> in batches -where <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③②①">authenticators</a> in a batch share the same <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑥">attestation certificate</a> (called <a data-link-type="dfn" href="#basic-attestation" id="ref-for-basic-attestation①">Basic Attestation</a> or <a data-link-type="dfn" href="#batch-attestation" id="ref-for-batch-attestation">batch attestation</a>). -This will anonymize the user at the risk of not being able to revoke a particular <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑦">attestation certificate</a> if its <a data-link-type="dfn" href="#attestation-private-key" id="ref-for-attestation-private-key⑥">private key</a> is compromised. +where <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③②①">authenticators</a> in a batch share the same <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑦">attestation certificate</a> (called <a data-link-type="dfn" href="#basic-attestation" id="ref-for-basic-attestation①">Basic Attestation</a> or <a data-link-type="dfn" href="#batch-attestation" id="ref-for-batch-attestation">batch attestation</a>). +This will anonymize the user at the risk of not being able to revoke a particular <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑧">attestation certificate</a> if its <a data-link-type="dfn" href="#attestation-private-key" id="ref-for-attestation-private-key⑥">private key</a> is compromised. 
The <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③②②">authenticator</a> manufacturer SHOULD then ensure that such batches are large enough to provide meaningful anonymization, while also minimizing the batch size in order to limit the number of affected users in case an <a data-link-type="dfn" href="#attestation-private-key" id="ref-for-attestation-private-key⑦">attestation private key</a> is compromised.</p> - <p><a data-link-type="biblio" href="#biblio-uafprotocol" title="FIDO UAF Protocol Specification v1.0">[UAFProtocol]</a> requires that at least 100,000 <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③②③">authenticator</a> devices share the same <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑧">attestation certificate</a> in order to produce + <p><a data-link-type="biblio" href="#biblio-uafprotocol" title="FIDO UAF Protocol Specification v1.0">[UAFProtocol]</a> requires that at least 100,000 <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③②③">authenticator</a> devices share the same <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑨">attestation certificate</a> in order to produce sufficiently large groups. 
This may serve as guidance about suitable batch sizes.</p> <li data-md> - <p>A <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator②⓪">WebAuthn Authenticator</a> may be capable of dynamically generating different <a data-link-type="dfn" href="#attestation-key-pair" id="ref-for-attestation-key-pair⑧">attestation key pairs</a> (and requesting related <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate①⑨">certificates</a>) per-<a data-link-type="dfn" href="https://w3c.github.io/webappsec-credential-management/#concept-credential" id="ref-for-concept-credential③①">credential</a> as described in the <a data-link-type="dfn" href="#anonymization-ca" id="ref-for-anonymization-ca⑥">Anonymization CA</a> approach. For example, an <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③②④">authenticator</a> can ship with a -main <a data-link-type="dfn" href="#attestation-private-key" id="ref-for-attestation-private-key⑧">attestation private key</a> (and <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate②⓪">certificate</a>), + <p>A <a data-link-type="dfn" href="#webauthn-authenticator" id="ref-for-webauthn-authenticator②⓪">WebAuthn Authenticator</a> may be capable of dynamically generating different <a data-link-type="dfn" href="#attestation-key-pair" id="ref-for-attestation-key-pair⑧">attestation key pairs</a> (and requesting related <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate②⓪">certificates</a>) per-<a data-link-type="dfn" href="https://w3c.github.io/webappsec-credential-management/#concept-credential" id="ref-for-concept-credential③①">credential</a> as described in the <a data-link-type="dfn" href="#anonymization-ca" id="ref-for-anonymization-ca⑥">Anonymization CA</a> approach. 
For example, an <a data-link-type="dfn" href="#authenticator" id="ref-for-authenticator③②④">authenticator</a> can ship with a +main <a data-link-type="dfn" href="#attestation-private-key" id="ref-for-attestation-private-key⑧">attestation private key</a> (and <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate②①">certificate</a>), and combined with a cloud-operated <a data-link-type="dfn" href="#anonymization-ca" id="ref-for-anonymization-ca⑦">Anonymization CA</a>, -can dynamically generate per-<a data-link-type="dfn" href="https://w3c.github.io/webappsec-credential-management/#concept-credential" id="ref-for-concept-credential③②">credential</a> <a data-link-type="dfn" href="#attestation-key-pair" id="ref-for-attestation-key-pair⑨">attestation key pairs</a> and <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate②①">attestation certificates</a>.</p> +can dynamically generate per-<a data-link-type="dfn" href="https://w3c.github.io/webappsec-credential-management/#concept-credential" id="ref-for-concept-credential③②">credential</a> <a data-link-type="dfn" href="#attestation-key-pair" id="ref-for-attestation-key-pair⑨">attestation key pairs</a> and <a data-link-type="dfn" href="#attestation-certificate" id="ref-for-attestation-certificate②②">attestation certificates</a>.</p> <p class="note" role="note"><span class="marker">Note:</span> In various places outside this specification, the term "Privacy CA" is used to refer to what is termed here as an <a data-link-type="dfn" href="#anonymization-ca" id="ref-for-anonymization-ca⑧">Anonymization CA</a>. 
Because the Trusted Computing Group (TCG) also used the term "Privacy CA" to refer to what the TCG now refers to as an <a data-link-type="dfn" href="#attestation-ca" id="ref-for-attestation-ca③">Attestation CA</a> (ACA) <a data-link-type="biblio" href="#biblio-tcg-cmcprofile-aikcertenroll" title="TCG Infrastructure Working Group: A CMC Profile for AIK Certificate Enrollment">[TCG-CMCProfile-AIKCertEnroll]</a>, we are using the term <a data-link-type="dfn" href="#anonymization-ca" id="ref-for-anonymization-ca⑨">Anonymization CA</a> here to try to mitigate 
@@ -10446,7 +10456,7 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N <dt id="biblio-tokenbinding">[TokenBinding] <dd>A. Popov; et al. <a href="https://tools.ietf.org/html/rfc8471"><cite>The Token Binding Protocol Version 1.0</cite></a>. October, 2018. IETF Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc8471">https://tools.ietf.org/html/rfc8471</a> <dt id="biblio-tpmv2-ek-profile">[TPMv2-EK-Profile] - <dd><a href="https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf"><cite>TCG EK Credential Profile for TPM Family 2.0</cite></a>. URL: <a href="https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf">https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf</a> + <dd><a href="https://trustedcomputinggroup.org/wp-content/uploads/TCG-EK-Credential-Profile-V-2.5-R2_published.pdf"><cite>TCG EK Credential Profile for TPM Family 2.0</cite></a>. URL: <a href="https://trustedcomputinggroup.org/wp-content/uploads/TCG-EK-Credential-Profile-V-2.5-R2_published.pdf">https://trustedcomputinggroup.org/wp-content/uploads/TCG-EK-Credential-Profile-V-2.5-R2_published.pdf</a> <dt id="biblio-tpmv2-part1">[TPMv2-Part1] <dd><a href="https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf"><cite>Trusted Platform Module Library, Part 1: Architecture</cite></a>. URL: <a href="https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf">https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf</a> <dt id="biblio-tpmv2-part2">[TPMv2-Part2] 
@@ -11525,7 +11535,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content "attca": {"dfnID":"attca","dfnText":"AttCA","external":false,"refSections":[{"refs":[{"id":"ref-for-attca"}],"title":"6.5.3. Attestation Types"},{"refs":[{"id":"ref-for-attca\u2460"},{"id":"ref-for-attca\u2461"},{"id":"ref-for-attca\u2462"},{"id":"ref-for-attca\u2463"}],"title":"8.2. Packed Attestation Statement Format"},{"refs":[{"id":"ref-for-attca\u2464"},{"id":"ref-for-attca\u2465"}],"title":"8.3. TPM Attestation Statement Format"},{"refs":[{"id":"ref-for-attca\u2466"},{"id":"ref-for-attca\u2467"},{"id":"ref-for-attca\u2468"}],"title":"8.6. FIDO U2F Attestation Statement Format"}],"url":"#attca"}, "attestation": {"dfnID":"attestation","dfnText":"Attestation","external":false,"refSections":[{"refs":[{"id":"ref-for-attestation\u2461"}],"title":"1.1. Specification Roadmap"},{"refs":[{"id":"ref-for-attestation\u2462"},{"id":"ref-for-attestation\u2463"},{"id":"ref-for-attestation\u2464"}],"title":"4. Terminology"},{"refs":[{"id":"ref-for-attestation\u2465"},{"id":"ref-for-attestation\u2466"}],"title":"5.2.1.1. Easily accessing credential data"},{"refs":[{"id":"ref-for-attestation\u2467"}],"title":"5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"},{"refs":[{"id":"ref-for-attestation\u2468"}],"title":"5.4.7. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)"},{"refs":[{"id":"ref-for-attestation\u2460\u24ea"},{"id":"ref-for-attestation\u2460\u2460"},{"id":"ref-for-attestation\u2460\u2461"},{"id":"ref-for-attestation\u2460\u2462"}],"title":"6. WebAuthn Authenticator Model"},{"refs":[{"id":"ref-for-attestation\u2460\u2463"}],"title":"6.3.2. The authenticatorMakeCredential Operation"},{"refs":[{"id":"ref-for-attestation\u2460\u2464"},{"id":"ref-for-attestation\u2460\u2465"},{"id":"ref-for-attestation\u2460\u2466"},{"id":"ref-for-attestation\u2460\u2467"}],"title":"6.5. 
Attestation"},{"refs":[{"id":"ref-for-attestation\u2460\u2468"},{"id":"ref-for-attestation\u2461\u24ea"}],"title":"6.5.3. Attestation Types"},{"refs":[{"id":"ref-for-attestation\u2461\u2460"}],"title":"8.2. Packed Attestation Statement Format"},{"refs":[{"id":"ref-for-attestation\u2461\u2461"}],"title":"8.7. None Attestation Statement Format"},{"refs":[{"id":"ref-for-attestation\u2461\u2462"}],"title":"12.1. WebAuthn Attestation Statement Format Identifier Registrations Updates"},{"refs":[{"id":"ref-for-attestation\u2461\u2463"}],"title":"13. Security Considerations"}],"url":"#attestation"}, "attestation-ca": {"dfnID":"attestation-ca","dfnText":"Attestation CA","external":false,"refSections":[{"refs":[{"id":"ref-for-attestation-ca"}],"title":"5.4.7. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)"},{"refs":[{"id":"ref-for-attestation-ca\u2460"},{"id":"ref-for-attestation-ca\u2461"}],"title":"6.5.3. Attestation Types"},{"refs":[{"id":"ref-for-attestation-ca\u2462"}],"title":"14.4.1. Attestation Privacy"}],"url":"#attestation-ca"}, -"attestation-certificate": {"dfnID":"attestation-certificate","dfnText":"Attestation Certificate","external":false,"refSections":[{"refs":[{"id":"ref-for-attestation-certificate"},{"id":"ref-for-attestation-certificate\u2460"}],"title":"4. Terminology"},{"refs":[{"id":"ref-for-attestation-certificate\u2461"}],"title":"5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Internal Method"},{"refs":[{"id":"ref-for-attestation-certificate\u2462"},{"id":"ref-for-attestation-certificate\u2463"},{"id":"ref-for-attestation-certificate\u2464"}],"title":"6.5.3. Attestation Types"},{"refs":[{"id":"ref-for-attestation-certificate\u2465"}],"title":"8.3.1. TPM Attestation Statement Certificate Requirements"},{"refs":[{"id":"ref-for-attestation-certificate\u2466"}],"title":"8.4. 
Android Key Attestation Statement Format"},{"refs":[{"id":"ref-for-attestation-certificate\u2467"}],"title":"8.4.1. Android Key Attestation Statement Certificate Requirements"},{"refs":[{"id":"ref-for-attestation-certificate\u2468"},{"id":"ref-for-attestation-certificate\u2460\u24ea"},{"id":"ref-for-attestation-certificate\u2460\u2460"}],"title":"13.3.2. Attestation Certificate and Attestation Certificate CA Compromise"},{"refs":[{"id":"ref-for-attestation-certificate\u2460\u2461"},{"id":"ref-for-attestation-certificate\u2460\u2462"}],"title":"13.4.5. Revoked Attestation Certificates"},{"refs":[{"id":"ref-for-attestation-certificate\u2460\u2463"}],"title":"14.2. Anonymous, Scoped, Non-correlatable Public Key Credentials"},{"refs":[{"id":"ref-for-attestation-certificate\u2460\u2464"},{"id":"ref-for-attestation-certificate\u2460\u2465"},{"id":"ref-for-attestation-certificate\u2460\u2466"},{"id":"ref-for-attestation-certificate\u2460\u2467"},{"id":"ref-for-attestation-certificate\u2460\u2468"},{"id":"ref-for-attestation-certificate\u2461\u24ea"},{"id":"ref-for-attestation-certificate\u2461\u2460"}],"title":"14.4.1. Attestation Privacy"}],"url":"#attestation-certificate"}, +"attestation-certificate": {"dfnID":"attestation-certificate","dfnText":"Attestation Certificate","external":false,"refSections":[{"refs":[{"id":"ref-for-attestation-certificate"},{"id":"ref-for-attestation-certificate\u2460"}],"title":"4. Terminology"},{"refs":[{"id":"ref-for-attestation-certificate\u2461"}],"title":"5.1.3. Create a New Credential - PublicKeyCredential\u2019s [[Create]](origin, options, sameOriginWithAncestors) Internal Method"},{"refs":[{"id":"ref-for-attestation-certificate\u2462"},{"id":"ref-for-attestation-certificate\u2463"},{"id":"ref-for-attestation-certificate\u2464"}],"title":"6.5.3. Attestation Types"},{"refs":[{"id":"ref-for-attestation-certificate\u2465"},{"id":"ref-for-attestation-certificate\u2466"}],"title":"8.3.1. 
TPM Attestation Statement Certificate Requirements"},{"refs":[{"id":"ref-for-attestation-certificate\u2467"}],"title":"8.4. Android Key Attestation Statement Format"},{"refs":[{"id":"ref-for-attestation-certificate\u2468"}],"title":"8.4.1. Android Key Attestation Statement Certificate Requirements"},{"refs":[{"id":"ref-for-attestation-certificate\u2460\u24ea"},{"id":"ref-for-attestation-certificate\u2460\u2460"},{"id":"ref-for-attestation-certificate\u2460\u2461"}],"title":"13.3.2. Attestation Certificate and Attestation Certificate CA Compromise"},{"refs":[{"id":"ref-for-attestation-certificate\u2460\u2462"},{"id":"ref-for-attestation-certificate\u2460\u2463"}],"title":"13.4.5. Revoked Attestation Certificates"},{"refs":[{"id":"ref-for-attestation-certificate\u2460\u2464"}],"title":"14.2. Anonymous, Scoped, Non-correlatable Public Key Credentials"},{"refs":[{"id":"ref-for-attestation-certificate\u2460\u2465"},{"id":"ref-for-attestation-certificate\u2460\u2466"},{"id":"ref-for-attestation-certificate\u2460\u2467"},{"id":"ref-for-attestation-certificate\u2460\u2468"},{"id":"ref-for-attestation-certificate\u2461\u24ea"},{"id":"ref-for-attestation-certificate\u2461\u2460"},{"id":"ref-for-attestation-certificate\u2461\u2461"}],"title":"14.4.1. Attestation Privacy"}],"url":"#attestation-certificate"}, "attestation-conveyance": {"dfnID":"attestation-conveyance","dfnText":"Attestation Conveyance","external":false,"refSections":[{"refs":[{"id":"ref-for-attestation-conveyance"}],"title":"4. Terminology"},{"refs":[{"id":"ref-for-attestation-conveyance\u2460"}],"title":"5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"},{"refs":[{"id":"ref-for-attestation-conveyance\u2461"}],"title":"5.4.7. Attestation Conveyance Preference Enumeration (enum AttestationConveyancePreference)"},{"refs":[{"id":"ref-for-attestation-conveyance\u2462"}],"title":"6.5.3. 
Attestation Types"}],"url":"#attestation-conveyance"}, "attestation-key-pair": {"dfnID":"attestation-key-pair","dfnText":"attestation key pair","external":false,"refSections":[{"refs":[{"id":"ref-for-attestation-key-pair"},{"id":"ref-for-attestation-key-pair\u2460"}],"title":"4. Terminology"},{"refs":[{"id":"ref-for-attestation-key-pair\u2461"}],"title":"6.5. Attestation"},{"refs":[{"id":"ref-for-attestation-key-pair\u2462"},{"id":"ref-for-attestation-key-pair\u2463"},{"id":"ref-for-attestation-key-pair\u2464"}],"title":"6.5.3. Attestation Types"},{"refs":[{"id":"ref-for-attestation-key-pair\u2465"}],"title":"13.3.2. Attestation Certificate and Attestation Certificate CA Compromise"},{"refs":[{"id":"ref-for-attestation-key-pair\u2466"},{"id":"ref-for-attestation-key-pair\u2467"},{"id":"ref-for-attestation-key-pair\u2468"}],"title":"14.4.1. Attestation Privacy"}],"url":"#attestation-key-pair"}, "attestation-object": {"dfnID":"attestation-object","dfnText":"attestation object","external":false,"refSections":[{"refs":[{"id":"ref-for-attestation-object"},{"id":"ref-for-attestation-object\u2460"},{"id":"ref-for-attestation-object\u2461"}],"title":"4. Terminology"},{"refs":[{"id":"ref-for-attestation-object\u2462"}],"title":"5. Web Authentication API"},{"refs":[{"id":"ref-for-attestation-object\u2463"},{"id":"ref-for-attestation-object\u2464"}],"title":"5.2.1. Information About Public Key Credential (interface AuthenticatorAttestationResponse)"},{"refs":[{"id":"ref-for-attestation-object\u2465"}],"title":"5.2.1.1. Easily accessing credential data"},{"refs":[{"id":"ref-for-attestation-object\u2466"}],"title":"5.4. Options for Credential Creation (dictionary PublicKeyCredentialCreationOptions)"},{"refs":[{"id":"ref-for-attestation-object\u2467"},{"id":"ref-for-attestation-object\u2468"}],"title":"6.3.2. 
The authenticatorMakeCredential Operation"},{"refs":[{"id":"ref-for-attestation-object\u2460\u24ea"},{"id":"ref-for-attestation-object\u2460\u2460"},{"id":"ref-for-attestation-object\u2460\u2461"}],"title":"6.5. Attestation"},{"refs":[{"id":"ref-for-attestation-object\u2460\u2462"}],"title":"6.5.1. Attested Credential Data"},{"refs":[{"id":"ref-for-attestation-object\u2460\u2463"},{"id":"ref-for-attestation-object\u2460\u2464"}],"title":"6.5.4. Generating an Attestation Object"},{"refs":[{"id":"ref-for-attestation-object\u2460\u2465"}],"title":"7.1. Registering a New Credential"},{"refs":[{"id":"ref-for-attestation-object\u2460\u2466"}],"title":"8.2.1. Certificate Requirements for Packed Attestation Statements"},{"refs":[{"id":"ref-for-attestation-object\u2460\u2467"},{"id":"ref-for-attestation-object\u2460\u2468"}],"title":"13.4.4. Attestation Limitations"}],"url":"#attestation-object"},
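Review bot: The `ref-for-attestation-certificate` ids in the Anonymization CA list item (14.4.1 Attestation Privacy) are positional and each moves up by one here (①⑨ to ②⓪, ②⓪ to ②①, ②① to ②②), so an existing deep link to one of these fragments now lands on a different occurrence of the term. The prose of the paragraph is otherwise unchanged. Treat these generated anchors as unstable and link to the stable definition targets `#attestation-certificate` or `#anonymization-ca` instead.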
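Review bot: The `<cite>` text of the [TPMv2-EK-Profile] entry in the normative references carries no version or revision, yet the URL moves from `Credential_Profile_EK_V2.0_R14_published.pdf` to `TCG-EK-Credential-Profile-V-2.5-R2_published.pdf`, so the normative document changes without the visible entry saying so. Add the version and revision to the entry text, and recheck any section numbers or OIDs the specification cites from this profile against the new revision. The adjacent [TPMv2-Part1] entry still uses the `www.trustedcomputinggroup.org` host, which leaves the two TCG references inconsistent.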
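Review bot: Confirm against the Bikeshed source that the extra reference in "8.3.1. TPM Attestation Statement Certificate Requirements" is intended: in the `attestation-certificate` entry of the generated index, that section goes from one ref (`\u2465`) to two (`\u2465`, `\u2466`), and it is the only substantive difference on the line. Every later section is only renumbered, and 14.4.1 still lists seven refs. Because the whole entry is one machine-generated line, a stray extra link in the source would be easy to miss in this diff.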