Is your feature request related to a problem? Please describe.
For fido-u2f attestations, the FIDO2 server does not enforce two requirements from the WebAuthn specification (§8.6, "FIDO U2F Attestation Statement Format"): that the x5c array contains exactly one attestation certificate, and that the attestation certificate's public key is an Elliptic Curve key over the P-256 curve. Statements that violate these (empty/multiple certificates, or a non-EC / non-P-256 key) are currently not rejected at this stage.
Describe the solution you'd like
During fido-u2f attestation verification:
- reject the statement unless x5c contains exactly one certificate;
- reject the statement unless the attestation certificate public key is an EC key over the P-256 curve.
Both should fail with a fido-u2f attestation error.
Describe alternatives you've considered
Relying on signature/chain validation alone — rejected, because it does not assert the single-certificate or P-256 key constraints, which the conformance suite checks explicitly.
Additional context
Part of the FIDO2 conformance effort (#9640).
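The two checks requested above, as an added Go example that is not the project's own code: `CheckU2FAttestationCert` is a hypothetical name, Go's standard `crypto/x509` stands in for whatever the server uses to parse the attestation certificate, and `ConstructedCertDER` builds throwaway self-signed certificates (not real authenticator certificates) so the rejection paths can be exercised offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckU2FAttestationCert enforces the two WebAuthn §8.6 rules from the request above: x5c holds
// exactly one certificate and its key is EC over P-256 (a bare ecdsa type assertion alone would also admit P-384/P-521).
func CheckU2FAttestationCert(x5c [][]byte) (*x509.Certificate, error) {
	if len(x5c) != 1 {
		return nil, fmt.Errorf("fido-u2f attestation error: x5c must contain exactly one certificate, got %d", len(x5c))
	}
	cert, err := x509.ParseCertificate(x5c[0])
	if err != nil {
		return nil, fmt.Errorf("fido-u2f attestation error: unparseable attestation certificate: %v", err)
	}
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || pub.Curve != elliptic.P256() {
		return nil, fmt.Errorf("fido-u2f attestation error: attestation certificate key is not an EC key over P-256")
	}
	return cert, nil
}

// ConstructedCertDER builds a self-signed test certificate (constructed input, hypothetical helper) around the given key pair.
func ConstructedCertDER(pub, priv any) []byte {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed u2f test cert"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return der
}

func main() {
	p256, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	p384, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	good := ConstructedCertDER(&p256.PublicKey, p256)
	// Cases: valid, empty x5c, two certificates, EC but wrong curve, non-EC key.
	for _, x5c := range [][][]byte{{good}, {}, {good, good}, {ConstructedCertDER(&p384.PublicKey, p384)}, {ConstructedCertDER(&rsaKey.PublicKey, rsaKey)}} {
		_, err := CheckU2FAttestationCert(x5c)
		fmt.Printf("%d cert(s): %v\n", len(x5c), err)
	}
}
```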