more fully delineate "privacy ca", "attestation ca", "anonymization ca" #1422
Comments
This is a very minor nice-to-have issue; it can be addressed in a milestone later than wd-03, or not at all.
This may end up intertwining to some degree with issue #1453.
I'm proposing a change to the AttCA to the following:
The above is based on the original description of Privacy CA and the writing from 14.4.1. Attestation Privacy. It's trying to keep the concept simple, reflecting only the common facts. How the authenticator communicates with the CA is intentionally omitted, given it is very vendor specific. Comments are welcome!
@alanwaketan to create PR
Do we know if there are any other shipping products of Anonymous CA, especially any TPM products?
The idea of an anonymous CA that the authenticator uses to generate per-request attestations is different from what Google was proposing as a privacy CA. The privacy CA was run by the browser and used to blind the RP to attributes of the Authenticator, including potentially the AAGUID. They seem quite different to me. What Apple is describing as anonymous is really what Google is doing for SafetyNet attestations. We never did the privacy CA, so getting rid of it is not a big problem. I just don't think they are the same.
When you speak of privacy CA, do you mean an anonymization CA or an attestation CA? My understanding is that privacy CA was ambiguous, hence the need for the other terms. If anonymization CAs were eliminated, would this also deprecate the 'indirect' attestation conveyance preference?
wrt @alanwaketan's above proposal, I am concerned that the term "Anonymous CA" may be perceived as specifically referring to "Apple Anonymous Attestation". My offhand inclination is to retain the Attestation CA term as-is, and perhaps clarify its definition as appropriate, as I mused about in the orig post.
I'm open to the naming of the thing, but how could we prevent the same problem with "Attestation CA" pointing to TCG's specific term? Maybe just stick to "Anonymization CA", which no vendor is using?
I don't think so. See: https://www.w3.org/TR/2017/WD-webauthn-20171205/#privacy-ca.
What I'm trying to do here is to define Anonymization CA, given that attestation CA is too specific to TCG. I'm not sure if that implies deprecating "indirect" attestation.
Yes, that is what I'm suggesting.
I updated the PR with "Anonymization CA".
As I noted in PR #1474, I think "attestation CA" is the most general term of the three, as in it makes the least assumptions about what that CA will do. The other two seem like subcategories of this broader category.
This patch adds a new section to illustrate how Apple Anonymous Attestation works in general. This PR is to fix w3c#1422.
…cts from Privacy CA/Attestation CA like technology such that different authenticator vendors can refer to it without referring to the TCG definition. This PR is to fix w3c#1422.
…on CA (#1474)
* This patch defines Anonymous CA which only gathers abstract common facts from Privacy CA/Attestation CA like technology such that different authenticator vendors can refer to it without referring to the TCG definition. This PR is to fix #1422.
* Add note explaining that all attestation types other than Self and None use x509 certificate chain validation
* Remove duplicate Anonymization CA definition
* Address emlun
* Improves the description of Anonymization CA.
* Took Jeff's comments.
Co-authored-by: Emil Lundberg <emil@emlun.se>
Co-authored-by: =JeffH <jdhodges@google.com>
Co-authored-by: Shane Weeden <sbweeden@users.noreply.github.com>
Co-authored-by: Jiewen Tan <jiewen_tan@apple.com>
Co-authored-by: Shane Weeden <sweeden@au1.ibm.com>
The "privacy ca", "attestation ca", and "anonymization ca" terms appear in the spec in various places, and the Note in 14.4.1. Attestation Privacy attempts to tease them apart, but could do a better job. Am imagining appending a bulleted list summarizing each one's particular characteristics, or re-writing the Note to more clearly delineate between them.