From d7e238e115263950228dea8cdead6c786be45491 Mon Sep 17 00:00:00 2001 From: philomathic_life <15947783+zacknewman@users.noreply.github.com> Date: Thu, 19 Sep 2024 01:35:55 +0000 Subject: [PATCH] Exclude all platform authenticators that use self attesation from having to use none attestation --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index c7de61dcf..2d1ac4c56 100644 --- a/index.bs +++ b/index.bs @@ -2175,7 +2175,7 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o : {{AttestationConveyancePreference/none}} :: Replace potentially uniquely identifying information with non-identifying versions of the same: - 1. If the [=authData/attestedCredentialData/aaguid=] in the [=attested credential data=] is 16 zero bytes, |credentialCreationData|.[=attestationObjectResult=].fmt is "packed", and "x5c" is absent from |credentialCreationData|.[=attestationObjectResult=], then [=self attestation=] is being used and no further action is needed. + 1. If the [=authData/attestedCredentialData/aaguid=] in the [=attested credential data=] is 16 zero bytes or |authenticator| is a [=platform authenticator=], |credentialCreationData|.[=attestationObjectResult=].fmt is "packed", and "x5c" is absent from |credentialCreationData|.[=attestationObjectResult=], then [=self attestation=] is being used and no further action is needed. 1. Otherwise: 1. Set the value of |credentialCreationData|.[=attestationObjectResult=].fmt to "none", and set the value of |credentialCreationData|.[=attestationObjectResult=].attStmt to be an empty [=CBOR=] map. (See [[#sctn-none-attestation]] and [[#sctn-generating-an-attestation-object]]). 1. If |authenticator| is not a [=platform authenticator=] then replace the [=authData/attestedCredentialData/aaguid=] in the [=attested credential data=] with 16 zero bytes.
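Review bot: The condition in the changed step 1 now has the shape "A or B, C, and D", so the precedence of the new "or" against the comma-separated "and" terms is left to the reader. Read as "aaguid is 16 zero bytes, or (platform authenticator and fmt is "packed" and "x5c" is absent)", a zero AAGUID alone would reach "no further action is needed" even when fmt is not "packed" or "x5c" is present, which skips the replacement that the {{AttestationConveyancePreference/none}} branch exists to perform. Suggest stating the two unconditional requirements first and the alternative last, for example: if fmt is "packed", "x5c" is absent, and either the aaguid is 16 zero bytes or |authenticator| is a [=platform authenticator=], then [=self attestation=] is being used. That wording also lines up with the existing sub-step under "Otherwise", which already leaves the aaguid in place for a [=platform authenticator=].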