Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add packed attestation optional firmware version attribute #1953

Merged
merged 6 commits into from
Mar 13, 2024
Merged

Add packed attestation optional firmware version attribute #1953

merged 6 commits into from
Mar 13, 2024

Conversation

dwaite
Copy link
Contributor

@dwaite dwaite commented Aug 30, 2023
edited by pr-preview bot
Loading

This describes the FIDO OID and data for the firmware version attribute.

It also changes the AIA attribute above it, which appears to actually have been added to the required attributes list.

Preview | Diff

@dwaite
Add packed attestation descriotion of the firmware version attribute.…
872589a 
… Also, clarify that the AIA extension is optional.
@dwaite
Copy link
Contributor Author

dwaite commented Aug 30, 2023

Fixes #1952

@dwaite dwaite requested a review from ve7jtb August 30, 2023 18:45
@dwaite dwaite linked an issue Aug 30, 2023 that may be closed by this pull request
Describe firmware OID usage in packed attestation #1952
Closed
emlun
emlun reviewed Aug 31, 2023
View reviewed changes
index.bs Outdated Show resolved Hide resolved
index.bs Outdated Show resolved Hide resolved
agl
agl reviewed Sep 5, 2023
View reviewed changes
index.bs Outdated Show resolved Hide resolved
@nadalin nadalin added this to the L3-WD-01 milestone Sep 6, 2023
@sbweeden
Copy link
Contributor

sbweeden commented Sep 6, 2023

Here's an example of b64url-encoded packed attestation from a Yubikey. I believe that was the ask? @dwaite

o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEgwRgIhAOzCzj0kRXc9z_AGbVPKaqto3YDrO3X-q_SeuUHLA5wPAiEAzTlYMf2mvzYbd-K2qrfvF9pUF17o1TVWBp8Uf_xzhRhjeDVjgVkCwTCCAr0wggGloAMCAQICBBisRsAwDQYJKoZIhvcNAQELBQAwLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwIBcNMTQwODAxMDAwMDAwWhgPMjA1MDA5MDQwMDAwMDBaMG4xCzAJBgNVBAYTAlNFMRIwEAYDVQQKDAlZdWJpY28gQUIxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xJzAlBgNVBAMMHll1YmljbyBVMkYgRUUgU2VyaWFsIDQxMzk0MzQ4ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHnqOyx8SXAQYiMM0j_rYOUpMXHUg_EAvoWdaw-DlwMBtUbN1G7PyuPj8w-B6e1ivSaNTB69N7O8vpKowq7rTjqjbDBqMCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS43MBMGCysGAQQBguUcAgEBBAQDAgUgMCEGCysGAQQBguUcAQEEBBIEEMtpSB6P90A5k-wKJymhVKgwDAYDVR0TAQH_BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAl50Dl9hg-C7hXTEceW66-yL6p-CE2bq0xhu7V_PmtMGKSDe4XDxO2-SDQ_TWpdmxztqK4f7UkSkhcwWOXuHL3WvawHVXxqDo02gluhWef7WtjNr4BIaM-Q6PH4rqF8AWtVwqetSXyJT7cddT15uaSEtsN21yO5mNLh1DBr8QM7Wu-Myly7JWi2kkIm0io1irfYfkrF8uCRqnFXnzpWkJSX1y9U4GusHDtEE7ul6vlMO2TzT566Qay2rig3dtNkZTeEj-6IS93fWxuleYVM_9zrrDRAWVJ-Vt1Zj49WZxWr5DAd0ZETDmufDGQDkSU-IpgD867ydL7b_eP8u9QurWeWhhdXRoRGF0YViUqiG-djSKVNwMgGU2w25AS8oEQsOcOeDlb6wZKQYe2HdFAAAAQMtpSB6P90A5k-wKJymhVKgAEH2T_Hlf6Z5L3MPtkiq0Zl2lAQIDJiABIVggTt7WKbgGkv5fz8lgEo_0HgjX4HIuhDmgsdjHW5YYgFciWCBlUQP_OSe6Iw4y6uFKMRfscAh5XdLZTG6jT4LMSwh6WA

@sbweeden sbweeden removed their assignment Sep 6, 2023
@agl
Copy link
Contributor

agl commented Sep 7, 2023

Thanks Shane.

Based on there, here's a possible example. You said that you wanted all the extensions included. I'm happy to tweak this further if you let me know what needs to be in it.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16909060 (0x1020304)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Example attestation certificate
        Validity
            Not Before: Aug  1 00:00:00 2014 GMT
            Not After : Sep  4 00:00:00 2050 GMT
        Subject: C=US, O=WebAuthn WG, CN=Attestation example
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub: 
                    04:79:ea:3b:2c:7c:49:70:10:62:23:0c:d2:3f:eb:
                    60:e5:29:31:71:d4:83:f1:00:be:85:9d:6b:0f:83:
                    97:03:01:b5:46:cd:d4:6e:cf:ca:e3:e3:f3:0f:81:
                    e9:ed:62:bd:26:8d:4c:1e:bd:37:b3:bc:be:92:a8:
                    c2:ae:eb:4e:3a
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            1.3.6.1.4.1.45724.1.1.5: 
                ..*
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         97:9d:03:97:d8:60:f8:2e:e1:5d:31:1c:79:6e:ba:fb:22:fa:
         a7:e0:84:d9:ba:b4:c6:1b:bb:57:f3:e6:b4:c1:8a:48:37:b8:
         5c:3c:4e:db:e4:83:43:f4:d6:a5:d9:b1:ce:da:8a:e1:fe:d4:
         91:29:21:73:05:8e:5e:e1:cb:dd:6b:da:c0:75:57:c6:a0:e8:
         d3:68:25:ba:15:9e:7f:b5:ad:8c:da:f8:04:86:8c:f9:0e:8f:
         1f:8a:ea:17:c0:16:b5:5c:2a:7a:d4:97:c8:94:fb:71:d7:53:
         d7:9b:9a:48:4b:6c:37:6d:72:3b:99:8d:2e:1d:43:06:bf:10:
         33:b5:ae:f8:cc:a5:cb:b2:56:8b:69:24:22:6d:22:a3:58:ab:
         7d:87:e4:ac:5f:2e:09:1a:a7:15:79:f3:a5:69:09:49:7d:72:
         f5:4e:06:ba:c1:c3:b4:41:3b:ba:5e:af:94:c3:b6:4f:34:f9:
         eb:a4:1a:cb:6a:e2:83:77:6d:36:46:53:78:48:fe:e8:84:bd:
         dd:f5:b1:ba:57:98:54:cf:fd:ce:ba:c3:44:05:95:27:e5:6d:
         d5:98:f8:f5:66:71:5a:be:43:01:dd:19:11:30:e6:b9:f0:c6:
         40:39:12:53:e2:29:80:3f:3a:ef:27:4b:ed:bf:de:3f:cb:bd:
         42:ea:d6:79
-----BEGIN CERTIFICATE-----
MIICRDCCASygAwIBAgIEAQIDBDANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9F
eGFtcGxlIGF0dGVzdGF0aW9uIGNlcnRpZmljYXRlMCAXDTE0MDgwMTAwMDAwMFoY
DzIwNTAwOTA0MDAwMDAwWjBBMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLV2ViQXV0
aG4gV0cxHDAaBgNVBAMME0F0dGVzdGF0aW9uIGV4YW1wbGUwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAR56jssfElwEGIjDNI/62DlKTFx1IPxAL6FnWsPg5cDAbVG
zdRuz8rj4/MPgentYr0mjUwevTezvL6SqMKu6046oyQwIjASBgsrBgEEAYLlHAEB
BQQDAgEqMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJedA5fYYPgu
4V0xHHluuvsi+qfghNm6tMYbu1fz5rTBikg3uFw8Ttvkg0P01qXZsc7aiuH+1JEp
IXMFjl7hy91r2sB1V8ag6NNoJboVnn+1rYza+ASGjPkOjx+K6hfAFrVcKnrUl8iU
+3HXU9ebmkhLbDdtcjuZjS4dQwa/EDO1rvjMpcuyVotpJCJtIqNYq32H5KxfLgka
pxV586VpCUl9cvVOBrrBw7RBO7per5TDtk80+eukGstq4oN3bTZGU3hI/uiEvd31
sbpXmFTP/c66w0QFlSflbdWY+PVmcVq+QwHdGREw5rnwxkA5ElPiKYA/Ou8nS+2/
3j/LvULq1nk=
-----END CERTIFICATE-----

@emlun
Copy link
Member

emlun commented Sep 29, 2023
edited
Loading

Here is an example with all three extensions, as I understand their specification:

  • 1.3.6.1.4.1.45724.1.1.2 (id-fido-gen-ce-sernum)
  • 1.3.6.1.4.1.45724.1.1.4 (id-fido-gen-ce-aaguid)
  • 1.3.6.1.4.1.45724.1.1.5 (id-fido-gen-ce-fw-version)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16909060 (0x1020304)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example attestation certificate
        Validity
            Not Before: Aug  1 00:00:00 2014 GMT
            Not After : Sep  4 00:00:00 2050 GMT
        Subject: C = US, O = WebAuthn WG, CN = Attestation example
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:79:ea:3b:2c:7c:49:70:10:62:23:0c:d2:3f:eb:
                    60:e5:29:31:71:d4:83:f1:00:be:85:9d:6b:0f:83:
                    97:03:01:b5:46:cd:d4:6e:cf:ca:e3:e3:f3:0f:81:
                    e9:ed:62:bd:26:8d:4c:1e:bd:37:b3:bc:be:92:a8:
                    c2:ae:eb:4e:3a
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            1.3.6.1.4.1.45724.1.1.2: 
                ..k.[}..e
            1.3.6.1.4.1.45724.1.1.4: 
                ....9\&...e;.y}..<
            1.3.6.1.4.1.45724.1.1.5: 
                ..*
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        97:9d:03:97:d8:60:f8:2e:e1:5d:31:1c:79:6e:ba:fb:22:fa:
        a7:e0:84:d9:ba:b4:c6:1b:bb:57:f3:e6:b4:c1:8a:48:37:b8:
        5c:3c:4e:db:e4:83:43:f4:d6:a5:d9:b1:ce:da:8a:e1:fe:d4:
        91:29:21:73:05:8e:5e:e1:cb:dd:6b:da:c0:75:57:c6:a0:e8:
        d3:68:25:ba:15:9e:7f:b5:ad:8c:da:f8:04:86:8c:f9:0e:8f:
        1f:8a:ea:17:c0:16:b5:5c:2a:7a:d4:97:c8:94:fb:71:d7:53:
        d7:9b:9a:48:4b:6c:37:6d:72:3b:99:8d:2e:1d:43:06:bf:10:
        33:b5:ae:f8:cc:a5:cb:b2:56:8b:69:24:22:6d:22:a3:58:ab:
        7d:87:e4:ac:5f:2e:09:1a:a7:15:79:f3:a5:69:09:49:7d:72:
        f5:4e:06:ba:c1:c3:b4:41:3b:ba:5e:af:94:c3:b6:4f:34:f9:
        eb:a4:1a:cb:6a:e2:83:77:6d:36:46:53:78:48:fe:e8:84:bd:
        dd:f5:b1:ba:57:98:54:cf:fd:ce:ba:c3:44:05:95:27:e5:6d:
        d5:98:f8:f5:66:71:5a:be:43:01:dd:19:11:30:e6:b9:f0:c6:
        40:39:12:53:e2:29:80:3f:3a:ef:27:4b:ed:bf:de:3f:cb:bd:
        42:ea:d6:79
-----BEGIN CERTIFICATE-----
MIICgTCCAWmgAwIBAgIEAQIDBDANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9F
eGFtcGxlIGF0dGVzdGF0aW9uIGNlcnRpZmljYXRlMCAXDTE0MDgwMTAwMDAwMFoY
DzIwNTAwOTA0MDAwMDAwWjBBMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLV2ViQXV0
aG4gV0cxHDAaBgNVBAMME0F0dGVzdGF0aW9uIGV4YW1wbGUwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAR56jssfElwEGIjDNI/62DlKTFx1IPxAL6FnWsPg5cDAbVG
zdRuz8rj4/MPgentYr0mjUwevTezvL6SqMKu6046o2EwXzAYBgsrBgEEAYLlHAEB
AgQJBAdrEFt9tvxlMCEGCysGAQQBguUcAQEEBBIEEM2MOVwm7e7eZTsAeX0Dyjww
EgYLKwYBBAGC5RwBAQUEAwIBKjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUA
A4IBAQCXnQOX2GD4LuFdMRx5brr7Ivqn4ITZurTGG7tX8+a0wYpIN7hcPE7b5IND
9Nal2bHO2orh/tSRKSFzBY5e4cvda9rAdVfGoOjTaCW6FZ5/ta2M2vgEhoz5Do8f
iuoXwBa1XCp61JfIlPtx11PXm5pIS2w3bXI7mY0uHUMGvxAzta74zKXLslaLaSQi
bSKjWKt9h+SsXy4JGqcVefOlaQlJfXL1Tga6wcO0QTu6Xq+Uw7ZPNPnrpBrLauKD
d202RlN4SP7ohL3d9bG6V5hUz/3OusNEBZUn5W3VmPj1ZnFavkMB3RkRMOa58MZA
ORJT4imAPzrvJ0vtv94/y71C6tZ5
-----END CERTIFICATE-----

Case in point: while making this example, I too forgot at first to wrap the id-fido-gen-ce-sernum extension value in two layers of OCTET STRING, not just one. 😄

Here are the extensions formatted similar to the current id-fido-gen-ce-aaguid example:

30  18                                      -- SEQUENCE
  06  0b  2b 06 01 04 01 82 e5 1c 01 01 02  -- OID 1.3.6.1.4.1.45724.1.1.2
  04  09                                    -- OCTET STRING
    04  07                                  -- OCTET STRING
      6b 10 5b 7d b6 fc 65                  -- Serial number/device identifier: 6b105b7db6fc65

30  21                                      -- SEQUENCE
  06  0b  2b 06 01 04 01 82 e5 1c 01 01 04  -- OID 1.3.6.1.4.1.45724.1.1.4
  04  12                                    -- OCTET STRING
    04  10                                  -- OCTET STRING
      cd 8c 39 5c 26 ed ee de               -- AAGUID: cd8c395c-26ed-eede-653b-00797d03ca3c
      65 3b 00 79 7d 03 ca 3c

30  12                                      -- SEQUENCE
  06  0b  2b 06 01 04 01 82 e5 1c 01 01 05  -- OID 1.3.6.1.4.1.45724.1.1.5
  04  03                                    -- OCTET STRING
    02  01                                  -- INTEGER
        2a                                  -- Firmware version: 42

The serial number example assumes the answer to my question about serial number format is that serial numbers are positive integers represented in big-endian two's complement notation (but of any length), not opaque byte strings.

@dwaite
Copy link
Contributor Author

dwaite commented Oct 4, 2023

@ve7jtb @dturnerx does @emlun 's interpretation of the requirements jive with the overall intent?

@emlun
Copy link
Member

emlun commented Oct 4, 2023

2023-10-04 WG call: We keep serial numbers as opaque byte strings.

I've updated the above example accordingly.

@plehegar plehegar modified the milestones: L3-WD-01, L3-WD-02 Oct 4, 2023
@dwaite
Copy link
Contributor Author

dwaite commented Oct 11, 2023

Here is an example with all three extensions, as I understand their specification:

  • 1.3.6.1.4.1.45724.1.1.2 (id-fido-gen-ce-sernum)
  • 1.3.6.1.4.1.45724.1.1.4 (id-fido-gen-ce-aaguid)
  • 1.3.6.1.4.1.45724.1.1.5 (id-fido-gen-ce-fw-version)

@emlun, would it be possible to get this example without sernum? Since this example will be in the non-enterprise section, I suspect that would be misleading to implementers.

We can decide on #1954 if we want a second full example or snippet of a serial number.

@emlun
Copy link
Member

emlun commented Oct 11, 2023

Sure:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16909060 (0x1020304)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example attestation certificate
        Validity
            Not Before: Aug  1 00:00:00 2014 GMT
            Not After : Sep  4 00:00:00 2050 GMT
        Subject: C = US, O = WebAuthn WG, CN = Attestation example
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:79:ea:3b:2c:7c:49:70:10:62:23:0c:d2:3f:eb:
                    60:e5:29:31:71:d4:83:f1:00:be:85:9d:6b:0f:83:
                    97:03:01:b5:46:cd:d4:6e:cf:ca:e3:e3:f3:0f:81:
                    e9:ed:62:bd:26:8d:4c:1e:bd:37:b3:bc:be:92:a8:
                    c2:ae:eb:4e:3a
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            1.3.6.1.4.1.45724.1.1.4:
                ....9\&...e;.y}..<
            1.3.6.1.4.1.45724.1.1.5:
                ..*
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        97:9d:03:97:d8:60:f8:2e:e1:5d:31:1c:79:6e:ba:fb:22:fa:
        a7:e0:84:d9:ba:b4:c6:1b:bb:57:f3:e6:b4:c1:8a:48:37:b8:
        5c:3c:4e:db:e4:83:43:f4:d6:a5:d9:b1:ce:da:8a:e1:fe:d4:
        91:29:21:73:05:8e:5e:e1:cb:dd:6b:da:c0:75:57:c6:a0:e8:
        d3:68:25:ba:15:9e:7f:b5:ad:8c:da:f8:04:86:8c:f9:0e:8f:
        1f:8a:ea:17:c0:16:b5:5c:2a:7a:d4:97:c8:94:fb:71:d7:53:
        d7:9b:9a:48:4b:6c:37:6d:72:3b:99:8d:2e:1d:43:06:bf:10:
        33:b5:ae:f8:cc:a5:cb:b2:56:8b:69:24:22:6d:22:a3:58:ab:
        7d:87:e4:ac:5f:2e:09:1a:a7:15:79:f3:a5:69:09:49:7d:72:
        f5:4e:06:ba:c1:c3:b4:41:3b:ba:5e:af:94:c3:b6:4f:34:f9:
        eb:a4:1a:cb:6a:e2:83:77:6d:36:46:53:78:48:fe:e8:84:bd:
        dd:f5:b1:ba:57:98:54:cf:fd:ce:ba:c3:44:05:95:27:e5:6d:
        d5:98:f8:f5:66:71:5a:be:43:01:dd:19:11:30:e6:b9:f0:c6:
        40:39:12:53:e2:29:80:3f:3a:ef:27:4b:ed:bf:de:3f:cb:bd:
        42:ea:d6:79
-----BEGIN CERTIFICATE-----
MIICZzCCAU+gAwIBAgIEAQIDBDANBgkqhkiG9w0BAQsFADAqMSgwJgYDVQQDEx9F
eGFtcGxlIGF0dGVzdGF0aW9uIGNlcnRpZmljYXRlMCAXDTE0MDgwMTAwMDAwMFoY
DzIwNTAwOTA0MDAwMDAwWjBBMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLV2ViQXV0
aG4gV0cxHDAaBgNVBAMME0F0dGVzdGF0aW9uIGV4YW1wbGUwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAR56jssfElwEGIjDNI/62DlKTFx1IPxAL6FnWsPg5cDAbVG
zdRuz8rj4/MPgentYr0mjUwevTezvL6SqMKu6046o0cwRTAhBgsrBgEEAYLlHAEB
BAQSBBDNjDlcJu3u3mU7AHl9A8o8MBIGCysGAQQBguUcAQEFBAMCASowDAYDVR0T
AQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAl50Dl9hg+C7hXTEceW66+yL6p+CE
2bq0xhu7V/PmtMGKSDe4XDxO2+SDQ/TWpdmxztqK4f7UkSkhcwWOXuHL3WvawHVX
xqDo02gluhWef7WtjNr4BIaM+Q6PH4rqF8AWtVwqetSXyJT7cddT15uaSEtsN21y
O5mNLh1DBr8QM7Wu+Myly7JWi2kkIm0io1irfYfkrF8uCRqnFXnzpWkJSX1y9U4G
usHDtEE7ul6vlMO2TzT566Qay2rig3dtNkZTeEj+6IS93fWxuleYVM/9zrrDRAWV
J+Vt1Zj49WZxWr5DAd0ZETDmufDGQDkSU+IpgD867ydL7b/eP8u9QurWeQ==
-----END CERTIFICATE-----

Though it occurred to me now that I haven't updated the signature, so the certificate as a whole is not valid (neither of these two, though I haven't checked if the example from @agl has a valid signature).

But are we going to include the whole certificate in the example? Currently we only have an example like the second listing in my previous comment. For that example you can just omit the sernum part, the three sections are independent.

@dwaite
Copy link
Contributor Author

dwaite commented Oct 11, 2023

But are we going to include the whole certificate in the example? Currently we only have an example like the second listing in my previous comment. For that example you can just omit the sernum part, the three sections are independent.

I figure a signature is useful in the Base64-encoded section for someone to look at via tooling, but worth omitting in the textual view. I'll update the PR to show your example now.

@dwaite
Add example for review.
2c7874e 
Signature on the example is currently invalid.
@MasterKale

This comment was marked as outdated.

Sign in to view
@serianox

This comment was marked as outdated.

Sign in to view
@emlun

This comment was marked as outdated.

Sign in to view
@MasterKale

This comment was marked as outdated.

Sign in to view
@dwaite
Copy link
Contributor Author

dwaite commented Jan 3, 2024

I've updated this with a PEM encoded certificate and with deconstructed versions of the attributes. I request examination of the certificate contents and decomposition to make sure I got them correct/ideal.

The code I used to generate these is at https://github.com/dwaite/webauthn-sample-attestation

@emlun emlun self-requested a review January 10, 2024 20:19
@agl
Copy link
Contributor

agl commented Jan 31, 2024

Strong expectation to merge this next week. Time for final comments.

emlun
emlun approved these changes Feb 3, 2024
View reviewed changes
Copy link
Member

@emlun emlun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, sorry for the delay!

Two minor polish comments for optional consideration.

index.bs Show resolved Hide resolved
index.bs Show resolved Hide resolved
@dwaite
Copy link
Contributor Author

dwaite commented Feb 21, 2024

I did a cursory review of the diff text and visually verified the example against existing security keys. I found some trailing whitespace and a comment issue on the example. This should be good to go.

ve7jtb
ve7jtb approved these changes Mar 13, 2024
View reviewed changes
Copy link
Contributor

@ve7jtb ve7jtb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dwaite dwaite merged commit 354a717 into w3c:main Mar 13, 2024
2 checks passed
github-actions bot added a commit that referenced this pull request Mar 13, 2024
@dwaite @github-actions
Merge pull request #1953 from dwaite/packed-firmware-attribute
420a759 
SHA: 354a717
Reason: push, by dwaite

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@Firstyear Firstyear mentioned this pull request Aug 2, 2024
Open
@dwaite dwaite mentioned this pull request Sep 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emlun emlun emlun approved these changes

@Firstyear Firstyear Firstyear approved these changes

@ve7jtb ve7jtb ve7jtb approved these changes

@agl agl agl approved these changes

Assignees

@dwaite dwaite

Labels
type:editorial type:technical
Projects
None yet
Milestone
L3-WD-02
Development

Successfully merging this pull request may close these issues.

Describe firmware OID usage in packed attestation
10 participants
@dwaite @sbweeden @agl @emlun @MasterKale @serianox @ve7jtb @Firstyear @plehegar @nadalin