I have a question about FIDO metadata.

[juns]

1. Do I need to get a unique aaguid issued by FIDO Alliance ? Or can I create it randomly and use it?

2. Is there any reference to the process of verifying the authenticator device with metadata?

3. Can I use the certificate generated by the company or individual of the metadata's "attestationRootCertificates"?

[Shane Weeden]

1. You can generate and use your own. 

2. See section 7 of the WebAuthn specification. 

3. You can generate and use your own provided there aid some minimum number of authenticators issued with the same attestation private key. 

Sent from my iPhone

On 7 Dec 2022, at 10:46 pm, juns <choo...@gmail.com> wrote:



1. Do I need to get a unique aaguid issued by FIDO Alliance ? Or can I create it randomly and use it?

2. Is there any reference to the process of verifying the authenticator device with metadata?

3. Can I use the certificate generated by the company or individual of the metadata's "attestationRootCertificates"?

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/1bd5a03f-94a6-436d-8f66-85a48ed2c068n%40fidoalliance.org.