Merge pull request #2199 from w3c/ve7jtb-Fix-2198-WebAuthn-Clients-sh…
…ould-NOT-zero-out-AAGUIDs-from-security-keys-when-attestation-is-none-

WebAuthn Clients should NOT zero out AAGUIDs from security keys when attestation is none
emlun authored Nov 14, 2024
2 parents 814e03a + 5d74429 commit 654d384
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion index.bs
Expand Up @@ -2171,7 +2171,6 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
1. If the [=authData/attestedCredentialData/aaguid=] in the [=attested credential data=] is 16 zero bytes, <code>|credentialCreationData|.[=attestationObjectResult=].fmt</code> is "packed", and "x5c" is absent from <code>|credentialCreationData|.[=attestationObjectResult=]</code>, then [=self attestation=] is being used and no further action is needed.
1. Otherwise:
1. Set the value of <code>|credentialCreationData|.[=attestationObjectResult=].fmt</code> to "none", and set the value of <code>|credentialCreationData|.[=attestationObjectResult=].attStmt</code> to be an empty [=CBOR=] map. (See [[#sctn-none-attestation]] and [[#sctn-generating-an-attestation-object]]).
1. If |authenticator| is not a [=platform authenticator=] then replace the [=authData/attestedCredentialData/aaguid=] in the [=attested credential data=] with 16 zero bytes.

: {{AttestationConveyancePreference/indirect}}
:: The client MAY replace the [=authData/attestedCredentialData/aaguid=] and [=attestation statement=] with a more privacy-friendly
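
Review bot: In the "Otherwise:" branch, with the step that replaced the aaguid with 16 zero bytes for non-platform authenticators removed, the attestation object now carries fmt "none" and an empty attStmt alongside the authenticator's original AAGUID, and nothing in the remaining step says that this AAGUID is unattested. Consider adding a short note at that step stating that the AAGUID is passed through unchanged and that, with no attestation statement, a Relying Party cannot verify it and should treat it as informational only. As a style point, "Otherwise:" now wraps a single substep, so the two lines could be merged into one step.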