this is a very minor nice-to-have issue, can be addressed in a milestone later than wd-03 or not at all.

this may end up intertwining to some degree with issue #1453.

I'm proposing a change to the AttCA to the following:

Anonymous CA
In this case, the Authenticator works with a cloud-operated Anonymous CA owned by its manufacturer to dynamically generate per-credential attestation certificates on the CA such that no identification information of the authenticator will be revealed to RPs in the attestation statement.

The above is basing on the original description of Privacy CA and the writing from 14.4.1. Attestation Privacy. It's trying to keep the concept simple to only reflect the common facts. How the authenticator is communicated with the CA is intentionally omitted given it is very vendor specific. Comments are welcomed!

@alanwaketan to create PR

Do we know if there is any other shipping products of Anonymous CA, especially any TPM products?

The idea of an anonymous CA that the authenticator uses to generate per request attestations is different from what Google was proposing as a privacy CA.

The privacy CA was run by the browser and used to blind the RP to attributes of the Authenticator including potentially AAGUID.

They seem quite different to me. What apple is describing as anonymous is really what Google is doing for safetynet attestations.

We never did the privacy CA so getting rid of it is not a big problem. I just don't think they are the same.

When you speak to privacy CA, do you mean an anonymization CA or an attestation CA? My understanding is that privacy CA was ambiguous, hence the need for the other terms.

If anonymization CAs were eliminated, would this also deprecate the 'indirect' attestation conveyance preference?

wrt @alanwaketan's above proposal, I am concerned that the term "Anonymous CA" may be perceived as specifically referring to "Apple Anonymous Attestation". My offhand inclination is to retain the Attestation CA term as-is, and perhaps clarify it's definition as appropriate, as I mused about in the orig post.

I'm open to the naming of the thing, but how could we prevent the same problem with "Attestation CA" pointing to TCG's specific term. Maybe just stick to "Anonymization CA" where no vendors is using?

The idea of an anonymous CA that the authenticator uses to generate per request attestations is different from what Google was proposing as a privacy CA.

The privacy CA was run by the browser and used to blind the RP to attributes of the Authenticator including potentially AAGUID.

They seem quite different to me. What apple is describing as anonymous is really what Google is doing for safetynet attestations.

We never did the privacy CA so getting rid of it is not a big problem. I just don't think they are the same.

I don't think so. See: https://www.w3.org/TR/2017/WD-webauthn-20171205/#privacy-ca.
The SafetyNet attestation suggests itself only support the basic type of attestation.

When you speak to privacy CA, do you mean an anonymization CA or an attestation CA? My understanding is that privacy CA was ambiguous, hence the need for the other terms.

If anonymization CAs were eliminated, would this also deprecate the 'indirect' attestation conveyance preference?

What I'm trying to do here is to define Anonymization CA given attestation CA is too specific to TCG. I'm not sure if that implies deprecating "indirect" attestation.

Maybe just stick to "Anonymization CA" where no vendors is using?

Yes, that is what I'm suggesting.

Maybe just stick to "Anonymization CA" where no vendors is using?

Yes, that is what I'm suggesting.

I updated the PR with "Anonymization CA".

As I noted in PR #1474, I think "attestation CA" is the most general term of the three, as in it makes the least assumptions about what that CA will do. The other two seem like subcategories of this broader category.