Google Passkey AAGUID

177 views
Skip to first unread message

Zhao Bin

unread,
Aug 24, 2023, 2:51:56 AM8/24/23
to FIDO Dev (fido-dev)
Hi

Recently we found that Google Passkey's AAGUID has been changed to ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4. It used to be all 000s. 

May I know how Android changed it? Is it by Android OS update where certain OS still use 000xxx and newer ones use ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4? Or by a Google Play service update?


Thank you.

Best Regards
Zhao Bin

Adam Langley

unread,
Aug 25, 2023, 9:24:04 AM8/25/23
to FIDO Dev (fido-dev), Zhao Bin
Google Password Manager is implemented in Play Services and it was a Play Services update.
 

Cheers

AGL

My1

unread,
Aug 25, 2023, 11:23:04 AM8/25/23
to Adam Langley, FIDO Dev (fido-dev), Zhao Bin
Thanks that it does have a AAGUID now tho, as that helps services to identify this as a google Passkey, and tell that to the User. is (or will) this be visible in fido Metadata or can only attestable things appear there? because Passkeys likely still are without attestation to the surprise of no one.

Regards.

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/b833e89f-5f22-47cd-a83f-ca49ffa53ac4n%40fidoalliance.org.

John Bradley

unread,
Aug 25, 2023, 11:31:39 AM8/25/23
to My1, Adam Langley, FIDO Dev (fido-dev), Zhao Bin
Uncertified authenticators are allowed in the MDS.  That is not a problem.  It is up to Google to decide if they want to list it.

In my opinion all authenticators that report AAGUID should be in the MDS so that people who use it don’t need to go digging around in multiple locations.

John B.

Xavier CHAPRON

unread,
Aug 25, 2023, 11:41:03 AM8/25/23
to John Bradley, My1, Adam Langley, FIDO Dev (fido-dev), Zhao Bin
Hello,


Uncertified authenticators are allowed in the MDS.  That is not a problem.  It is up to Google to decide if they want to list it.

In my opinion all authenticators that report AAGUID should be in the MDS so that people who use it don’t need to go digging around in multiple locations.
That's interesting. Do you have any pointer on the procedure to get an authentificator listed in the MDS?

Thanks,

Xavier Chapron



Les informations contenues dans ce message électronique ainsi que celles contenues dans les documents attachés sont strictement confidentielles et sont destinées à l'usage exclusif du (des) destinataire(s) nommé(s).
Toute divulgation, distribution ou reproduction, même partielle, en est strictement interdite sauf autorisation écrite et expresse de l’émetteur.
Si vous recevez ce message par erreur, veuillez le notifier immédiatement à son émetteur par retour, et le détruire ainsi que tous les documents qui y sont attachés.

The information contained in this email and in any document enclosed is strictly confidential and is intended solely for the use of the individual or entity to which it is addressed.
Partial or total disclosure, distribution or reproduction of its contents is strictly prohibited unless expressly approved in writing by the sender.
If you have received this communication in error, please notify us immediately by responding to this email, and then delete the message and its attached files from your system.

DUBOUCHER Thomas

unread,
Aug 25, 2023, 4:16:11 PM8/25/23
to Xavier CHAPRON, John Bradley, My1, Adam Langley, FIDO Dev (fido-dev), Zhao Bin

THALES GROUP LIMITED DISTRIBUTION to email recipients

 

Hi Xavier,

 

As far as I remember, you’ll simply need to register to https://mymds.fidoalliance.org/.

 

You don’t need to be a FIDO Alliance member, but you may need to be registered as a vendor.

 

Best regards,

 

--

Thomas Duboucher

Reply all
Reply to author
Forward
0 new messages