From bcd428d84e3f0094fc75a77aa45985bd4e0ff9f9 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@chromium.org>
Date: Wed, 25 Sep 2024 10:05:32 -0700
Subject: [PATCH] Mark Android SafetyNet attestation as deprecated.

Google have
[announced](https://developer.android.com/privacy-and-security/safetynet/deprecation-timeline)
the deprecation of SafetyNet in general, and [specifically
for](https://android-developers.googleblog.com/2024/09/attestation-format-change-for-android-fido2-api.html)
WebAuthn.

This change adds a note in the SafetyNet section that it may be removed
in a future revision of the spec.
---
 index.bs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/index.bs b/index.bs
index 0db3e9d0a..2ff1e861f 100644
--- a/index.bs
+++ b/index.bs
@@ -6659,6 +6659,8 @@ data</dfn> is identified by the OID `1.3.6.1.4.1.11129.2.1.17`, and its schema i
 
 ## Android SafetyNet Attestation Statement Format ## {#sctn-android-safetynet-attestation}
 
+Note: This format is deprecated and is expected to be removed in a future revision of this document.
+
 When the [=authenticator=] is a [=platform authenticator=] on certain Android platforms, the attestation
 statement may be based on the [SafetyNet API](https://developer.android.com/training/safetynet/attestation#compat-check-response). In
 this case the [=authenticator data=] is completely controlled by the caller of the SafetyNet API (typically an application