iOS: Evaluate time between Attestation and Assertion #1
Assignees
Labels
Comments
|
The way we are using attestation and assertion, we should define the default maximum time of 30 seconds between these two steps. |
|
assertion contains no timestamp. What do? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, no checks are performed, wrt the time difference between the creation of an attestation and an assertion.
This is especially important for the key attestation scenario, since an assertion are created right after an attestation.
As the assertion contains no signature time, the only indication we have, is the time difference between the creation of an attestation and the point in time the assertion is checked.
Is this even sensible here, or should this be handled in whichever business logic integrates this library (i.e. through expiring nonces)?
Possible implementation: Make this check optional through a nullable configuration parameter.
Discussion point:
The text was updated successfully, but these errors were encountered: