From 2b9670ca96f9d0336d65ffbddbab6375091cd115 Mon Sep 17 00:00:00 2001
From: Nick Steele <344821+nicksteele@users.noreply.github.com>
Date: Wed, 4 Oct 2023 15:12:25 -0400
Subject: [PATCH 1/2] Resolve Tim's Nit
---
index.bs | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/index.bs b/index.bs
index 687032dc5..77b8facc9 100644
--- a/index.bs
+++ b/index.bs
@@ -4093,12 +4093,12 @@ considered more trustworthy than the rest of the authenticator.
Each authenticator stores a credentials map, a [=map=] from ([=rpId=], [=public key credential source/userHandle=]) to
[=public key credential source=].
-Additionally, each authenticator has an Authenticator Attestation GUID or AAGUID, which is a 128-bit identifier indicating the type (e.g. make and model) of the
-authenticator. The AAGUID MUST be chosen by its maker to be identical across all substantially identical authenticators made by that maker, and
-different (with high probability) from the AAGUIDs of all other types of authenticators. The AAGUID for a given type of authenticator SHOULD be
-randomly generated to ensure this. The [=[RP]=] MAY use the AAGUID to infer certain properties of the authenticator, such as certification level
-and strength of key protection, using information from other sources. The [=RP=] MAY use the AAGUID to attempt to identify the maker of the authenticator
-without performing [=attestation=], but would be unable to trust that inference unless [=attestation=] is performed.
+Additionally, each authenticator has an Authenticator Attestation Globally Unique Identifier or AAGUID, which is a 128-bit identifier
+indicating the type (e.g. make and model) of the authenticator. The AAGUID MUST be chosen by its maker to be identical across all substantially identical
+authenticators made by that maker, and different (with high probability) from the AAGUIDs of all other types of authenticators. The AAGUID for a given type
+of authenticator SHOULD be randomly generated to ensure this. The [=[RP]=] MAY use the AAGUID to infer certain properties of the authenticator, such as
+certification level and strength of key protection, using information from other sources. The [=RP=] MAY use the AAGUID to attempt to identify the maker of
+the authenticator without performing [=attestation=], but would be unable to trust that inference unless [=attestation=] is performed.
The primary function of the authenticator is to provide [=WebAuthn signatures=], which are bound to various contextual data. These
data are observed and added at different levels of the stack as a signature request passes from the server to the
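Review bot: The added paragraph links the same term two different ways, `[=[RP]=]` in "The [=[RP]=] MAY use the AAGUID to infer certain properties" and `[=RP=]` in "The [=RP=] MAY use the AAGUID to attempt to identify the maker". Both forms are carried over from the removed lines, but since every line of the paragraph is being rewritten anyway, this is the place to settle on one form. If `RP` is only a text macro and not a defined term, the second link will not resolve. Separately, the only wording change here is expanding "GUID" to "Globally Unique Identifier", yet all six lines are re-wrapped. Keeping the original line breaks would reduce the diff to a single changed line and make the follow-up patch easier to review.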
From 89bee48c39b50b5ca775fed5d5f5223ab0118044 Mon Sep 17 00:00:00 2001
From: Nick Steele <344821+nicksteele@users.noreply.github.com>
Date: Wed, 4 Oct 2023 15:39:53 -0400
Subject: [PATCH 2/2] Update wording for verification
---
index.bs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.bs b/index.bs
index 77b8facc9..7fc00031c 100644
--- a/index.bs
+++ b/index.bs
@@ -4098,7 +4098,7 @@ indicating the type (e.g. make and model) of the authenticator. The AAGUID MUST
authenticators made by that maker, and different (with high probability) from the AAGUIDs of all other types of authenticators. The AAGUID for a given type
of authenticator SHOULD be randomly generated to ensure this. The [=[RP]=] MAY use the AAGUID to infer certain properties of the authenticator, such as
certification level and strength of key protection, using information from other sources. The [=RP=] MAY use the AAGUID to attempt to identify the maker of
-the authenticator without performing [=attestation=], but would be unable to trust that inference unless [=attestation=] is performed.
+the authenticator without requesting and verifying [=attestation=], but the AAGUID is not provably authentic without [=attestation=].
The primary function of the authenticator is to provide [=WebAuthn signatures=], which are bound to various contextual data. These
data are observed and added at different levels of the stack as a signature request passes from the server to the
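Review bot: In the added line, the first clause speaks of "requesting and verifying [=attestation=]" but the second says only "not provably authentic without [=attestation=]". An attestation that is present but not verified proves nothing about the AAGUID, so the second clause should carry the same condition, for example "but the AAGUID is not provably authentic unless [=attestation=] is requested and verified". The removed wording also stated the consequence for the Relying Party (it "would be unable to trust that inference"), and the new wording drops that. Consider keeping a short statement that an unattested AAGUID is only a hint, so implementers do not read the preceding MAY about inferring "certification level and strength of key protection" as applying to an unverified value.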