Enterprise attestation implementation

[Praveen PPT]

We are in the process of implementing enterprise attestation in our FIDO (https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html)

Below are few doubts that we have encountered,

Vendor-facilitated enterprise attestation,

1. Will the attestation be static or calculated over some attestation data?
2. If static, how will this be injected into the authenticator? Do you suggest using Vendor Prototype commands?
3. If we need to support Vendor Prototype command as mentioned above, then what level of security do you expect?

Platform-managed enterprise attestation:

1. We were not able to completely understand from the specification how the platform will do enterprise attestation, can you provide some clarity.
2. Do we have to support Vendor Prototype command for the platform to inject the keys for generating signature?
3. If we need to support Vendor Prototype command as mentioned above, then what level of security do you expect?
4. On what data the platform will do signature calculation?

When we support enterprise attestation do we also have to send authenticator attestation signature?

Where can we find information on how to compute enterprise attestation signatute? Like input data to be used, keys to be used.