Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Also validate revocation reasons in attestation #119

Merged
merged 2 commits into from
Apr 24, 2024
Merged

Also validate revocation reasons in attestation #119

merged 2 commits into from
Apr 24, 2024

Conversation

phavekes
Copy link
Member

No description provided.

@phavekes phavekes requested review from pmeulen and MKodde April 19, 2024 07:18
@phavekes phavekes force-pushed the feature/check-revocation branch from 19756a2 to feaba6b Compare April 19, 2024 07:38
@phavekes phavekes force-pushed the feature/check-revocation branch from feaba6b to 1e2cd4a Compare April 19, 2024 07:56
MKodde
MKodde approved these changes Apr 23, 2024
View reviewed changes
Copy link
Member

@MKodde MKodde left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice addition. I now started thinking. Would not the latest report be the current one? In other words, should we not only evaluate the latest and greatest? I think I'm onto something here.

See https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html#statusreport-dictionary

We can use the effectiveDate to check if the report is to be considered.
Any remaining reports can be evaluated with the current algo

@phavekes
Copy link
Member Author

Nice addition. I now started thinking. Would not the latest report be the current one? In other words, should we not only evaluate the latest and greatest? I think I'm onto something here.

See https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html#statusreport-dictionary

We can use the effectiveDate to check if the report is to be considered. Any remaining reports can be evaluated with the current algo

"If no date is given, the status is assumed to be effective while present."

That complicates things. What if one report has an effectivedate, and another one hasn't?
I don't think effectiveDate adds to the security of the evaluation.

We could use the effectiveDate in case of ATTESTATION_KEY_COMPROMISE to delete any enrollments past this date, but that's not something for this code.

@phavekes phavekes merged commit e2d0318 into main Apr 24, 2024
1 check passed
@phavekes phavekes deleted the feature/check-revocation branch April 24, 2024 07:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MKodde MKodde MKodde approved these changes

@pmeulen pmeulen Awaiting requested review from pmeulen

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@phavekes @MKodde