
"android-key" and "android-safetynet" are really basic attestation type support?

Open Kieun opened this issue 1 year ago • 12 comments

Proposed Change

While I'm integrating FIDO MDS3 with our WebAuthn Server, I figured out that the FIDO spec and the WebAuthn spec do not align properly regarding attestation types.

The FIDO spec describes that

ATTESTATION_ANONCA 0x3E0C "anonca" In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes. The applicable [WebAuthn] attestation formats "fmt" are Google SafetyNet Attestation "android-safetynet", Android Keystore Attestation "android-key", Apple Anonymous Attestation "apple", and Apple Application Attestation "apple-appattest".

As indicated, "android-safetynet", "android-key" and "apple" attestation format support Anonymization CA.

In the WebAuthn spec, the "android-key" and "android-safetynet" formats support "basic" attestation and the "apple" format supports "anonymization ca". Also, the spec defines that Basic attestation is

In the case of basic attestation [UAFProtocol], the authenticator’s attestation key pair is specific to an authenticator "model", i.e., a "batch" of authenticators. Thus, authenticators of the same, or similar, model often share the same attestation key pair. See § 14.4.1 Attestation Privacy for further information.

Basic attestation is also referred to as batch attestation.

Anonymization CA is

In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes.

As per my understanding, Android key attestation generates the attestation certificate per the attestation public key pair (which is equal to the credential public key pair). So it should be Anonymization CA rather than Basic. In the case of Android SafetyNet, it is not clear whether the attestation certificate which is used to sign the JWS is generated per credential or is just a batched certificate. Depending on that, it would be Basic or Anonymization CA.

Kieun avatar Oct 26 '22 02:10 Kieun
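The cross-check the issue describes, an RP comparing the WebAuthn attestation `fmt` it just verified against the `attestationTypes` an MDS3 metadata statement declares for that AAGUID, as an added example that is not code from the issue, the webauthn4j project, or the FIDO Alliance. It assumes the MDS3 blob layout (`entries[].aaguid`, `entries[].metadataStatement.attestationTypes`) and the string identifiers `basic_full`, `basic_surrogate`, `attca`, `anonca`, `none`; the AAGUIDs and metadata statements below are constructed sample data. Because the two specs disagree for `android-key` and `android-safetynet`, the table accepts both `basic_full` and `anonca` for those formats, which is a policy choice made here, not something either spec states.

```python
"""Consistency check between a WebAuthn attestation fmt and the
attestationTypes a FIDO MDS3 metadata statement declares.

Assumed MDS3 identifiers (FIDO Registry string form used in MDS3 JSON).
"""
from dataclasses import dataclass

BASIC_FULL = "basic_full"         # Basic (batch) attestation with a cert chain
BASIC_SURROGATE = "basic_surrogate"  # Self attestation (no x5c)
ATTCA = "attca"                   # Attestation CA (e.g. TPM)
ANONCA = "anonca"                 # Anonymization CA, per-credential certs
NONE = "none"

# Which MDS3 attestation types each WebAuthn fmt may legitimately carry.
# android-key / android-safetynet accept both basic_full and anonca because
# WebAuthn classifies them as Basic while the FIDO Registry lists them under
# anonca; this is the disagreement raised in the issue, resolved here by policy.
FMT_TO_TYPES = {
    "packed": frozenset({BASIC_FULL, BASIC_SURROGATE, ATTCA}),
    "fido-u2f": frozenset({BASIC_FULL}),
    "tpm": frozenset({ATTCA}),
    "android-key": frozenset({BASIC_FULL, ANONCA}),
    "android-safetynet": frozenset({BASIC_FULL, ANONCA}),
    "apple": frozenset({ANONCA}),
    "none": frozenset({NONE}),
}


@dataclass(frozen=True)
class AttestationCheck:
    ok: bool
    fmt: str
    declared: frozenset   # types the metadata statement lists
    accepted: frozenset   # intersection that justified acceptance
    reason: str


def find_metadata(mds_entries, aaguid):
    """Return the metadataStatement for a FIDO2 AAGUID (case-insensitive), or None."""
    wanted = aaguid.lower()
    for entry in mds_entries:
        if entry.get("aaguid", "").lower() == wanted:
            return entry["metadataStatement"]
    return None


def check_attestation(fmt, metadata_statement, has_x5c=True):
    """Decide whether the verified fmt is consistent with the MDS3 declaration.

    has_x5c distinguishes full from self attestation for the packed format:
    a packed statement without a certificate chain is self attestation,
    which MDS3 spells basic_surrogate.
    """
    possible = FMT_TO_TYPES.get(fmt)
    if possible is None:
        return AttestationCheck(False, fmt, frozenset(), frozenset(),
                                "unknown attestation format")
    declared = frozenset(metadata_statement.get("attestationTypes", []))
    if fmt == "packed":
        possible = (frozenset({BASIC_SURROGATE}) if not has_x5c
                    else possible - {BASIC_SURROGATE})
    accepted = declared & possible
    if not accepted:
        return AttestationCheck(
            False, fmt, declared, accepted,
            f"fmt {fmt!r} implies one of {sorted(possible)}, "
            f"but metadata declares {sorted(declared)}")
    return AttestationCheck(True, fmt, declared, accepted,
                            "metadata attestation type consistent with fmt")


# Constructed MDS3-style entries; AAGUIDs are placeholders, not real devices.
SAMPLE_MDS_ENTRIES = [
    {"aaguid": "00000000-0000-0000-0000-000000000001",
     "metadataStatement": {"description": "Sample Android Keystore authenticator",
                           "attestationTypes": [ANONCA]}},
    {"aaguid": "00000000-0000-0000-0000-000000000002",
     "metadataStatement": {"description": "Sample packed roaming authenticator",
                           "attestationTypes": [BASIC_FULL]}},
    {"aaguid": "00000000-0000-0000-0000-000000000003",
     "metadataStatement": {"description": "Sample mislabelled Apple entry",
                           "attestationTypes": [BASIC_FULL]}},
]


if __name__ == "__main__":
    for aaguid, fmt in [("00000000-0000-0000-0000-000000000001", "android-key"),
                        ("00000000-0000-0000-0000-000000000002", "packed"),
                        ("00000000-0000-0000-0000-000000000003", "apple")]:
        result = check_attestation(fmt, find_metadata(SAMPLE_MDS_ENTRIES, aaguid))
        print(aaguid, fmt, "OK" if result.ok else "MISMATCH", "-", result.reason)
```

The table is the only place the policy lives: an RP that wants to follow the WebAuthn reading strictly would drop `anonca` from the two Android rows, and one that follows the FIDO Registry would drop `basic_full`; the check itself does not change.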