Automata Docs
  • Understanding Automata
    • What is Automata?
      • TEE Coprocessor
      • Proof of Machinehood
        • Optimistic Attestation
        • Zero Knowledge Proof
        • Modular Trust
    • Key terms
  • TEE Overview
    • TEE Prover
    • Multi-Prover AVS (EigenLayer)
      • Operator guide
        • Installation
        • Deposit strategies
        • Opt in to run AVS
        • FAQ
    • TEE Compile
      • Getting Started
      • Vendorizing
      • Attestation Report
    • TEE Builder
      • Block Builder Architecture
      • Stateless Executor
    • Verifiable Random Function
      • Why Automata VRF
      • How does Automata VRF work
      • Attestation
  • Build with PoM
    • Introduction
      • Smart contract libraries
      • Attestations on Verax
      • Frequently asked questions
    • Attestation module
      • Machine Attestation
        • Intel SGX
        • AWS Nitro Enclaves
        • Miscellaneous
      • Device Attestation
        • Yubikey
        • Andriod
        • Apple
        • Windows
        • FIDO U2F Authenticator
      • WebAuthn Attestation
        • WebAuthn Attestation Types
        • Attestation Statements & Privacy Impacts
  • Backed by PoM
    • 1RPC
    • L2Faucet
      • Frequently asked questions
  • Protocol
    • App-Specific Rollup
    • Mainnet
    • Testnet
    • Bridge
      • Bridging Native Tokens from L1 to L2
      • Bridging Native Tokens from L2 to L1
    • Explorer
    • Specification
      • Attestation
      • Attestor
      • Smart Contract
  • Research
    • Account Abstraction
    • Decentralized Randomness
    • Maximal Extractable Value
    • Reproducible Build
    • Lightpaper
Powered by GitBook
On this page

Was this helpful?

  1. Build with PoM
  2. Attestation module
  3. WebAuthn Attestation

WebAuthn Attestation Types

PreviousWebAuthn AttestationNextAttestation Statements & Privacy Impacts

Last updated 1 year ago

Was this helpful?

WebAuthn supports several , defining the semantics of and their underlying trust models.

  • Basic Attestation (Basic)

    • This type of attestation contains a signature that is generated by the private key of the attestation key pair.

    • It also includes a certificate that can be used to verify the signature.

    • The certificate might be an end-entity certificate or a batch certificate.

  • Self Attestation (Self)

    • In this case, the private key of the attestation key pair is used for the signature, but unlike Basic Attestation, the certificate here is generated by the authenticator itself, rather than being issued by an external entity.

    • This type of attestation is typically used for authenticators that cannot or do not wish to obtain external attestation.

  • Attestation CA (AttCA)

    • This type of attestation involves a Privacy Certificate Authority (Privacy CA).

    • The authenticator first generates a self attestation and sends it to the Privacy CA.

    • The Privacy CA validates the self attestation and then generates a new certificate that doesn't contain any information that can trace back to a specific authenticator.

    • The purpose of this method is to enhance user privacy.

  • Anonymization CA (AnonCA)

    • This type of attestation is similar in concept to the Attestation CA Attestation, but with a stronger focus on user privacy.

    • In the AnonCA model, the authenticator generates a key pair and sends the public key to the Anonymization CA. The AnonCA then issues a certificate for the public key, but in a way that ensures the certificate cannot be linked back to the original request from the authenticator.

    • This means that even if an attacker has access to both the AnonCA's logs and the attestation statement, they cannot correlate the two and trace back to the individual authenticator or user.

    • The primary goal of the AnonCA is to provide a level of attestation while ensuring that the user's privacy is maintained. The AnonCA acts as a mediator to vouch for the authenticity of the device without revealing its exact identity.

  • No attestation statement (None)

    • This type of attestation does not contain any attestation information.

    • It's simply a structure without any attestation details.

References

attestation types
attestation statements
Attestation types