brandonweeks / draft-bweeks-acme-device-attest Goto Github PK

I've been trying to follow the webauthn spec's tpm attestation. But at what point of the flow do we prove that the AK and the EK are on the same device here? It only seems to check that the AK signed the challenge and that the Attestation CA signed the AK but it does not perform the activation handshake that proves that the EK and AK are on the same cryptographic device before signing the AK. They just say "It's the responsibility of the Attestation CA to check that the EK and AK are there") Is that something that is planned to be added to this spec? Or did I read over it? as it seems like an important part of attestation to actually check that the device is genuine.

Description

ACME RFC section-6.7 defines some standard errors. A device attestation error should be defined, something like:

I'm interested in using Apple DeviceCheck with this spec as DeviceCheck exists today and can be used in non-enterprise settings.. Problem is that DeviceCheck[0] adheres to Webauthn more strictly than this spec and thus it seems impossible to combine at the moment. The problem lies in the redefinition of attToBeSigned. Namely Devicecheck will concatenate the authData instead of ignorintg it

Instead of defining attToBeSigned = sha256(key authorization)

it defines it as :

attToBeSigned = authData || sha256(keyAuthorization)

I think we could adopt the spec in a backwards compatible way with the current spec to say:

authData MAY be present if authData is present it MUST be prepended to attToBeSigned

This would make Apple DeviceCheck[0] compatible with this spec.

[0] - https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server