LEGAL
author J.C. Jones <jjones@mozilla.com>
Wed, 09 Aug 2017 20:05:23 -0700
changeset 374432 d95683eef9ba92f79901d099631fcd2b733d4c15
parent 1 9b2a99adc05e53cd4010de512f50118594756650
permissions -rw-r--r--
Bug 1387820 - WebAuthn WD-05 Get Assertion Data Fix r=keeler

The WebAuthn WD-05 specification's Get Assertion method defines the returned AuthenticatorAssertionResponse as providing ClientData, AuthenticatorData, and the Signature from the Authenticator. Our implementation is incorrectly setting AuthenticatorData and Signature:

AuthenticatorData as a structure is intended to mirror the structure from the AuthenticatorData [1] section of the Attestation CBOR Object [2] in the MakeCredential method, which we weren't doing _at all_. This is clarified in the editor's draft of the specification, soon to be WD-06.

Signature for U2F Authenticators is defined as the "attestation signature", [3] which is under-specified and we assumed would be the raw output from the U2F Authenticator [4]. This should instead be the raw ANSI X9.62 signature with no additional bytes. [5]

[1] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-authenticator-data
[2] https://www.w3.org/TR/2017/WD-webauthn-20170505/#sec-attestation-data
[3] https://www.w3.org/TR/2017/WD-webauthn-20170505/#fido-u2f-attestation
[4] https://lists.w3.org/Archives/Public/public-webauthn/2017Aug/0078.html
[5] https://bugzilla.mozilla.org/show_bug.cgi?id=1387820#c4

MozReview-Commit-ID: DTIOILfS4pK

Please be apprised of the following Legal Notices:

A) The U.S. District Court for the Eastern District of Virginia has
ruled that the Netscape Navigator code does not infringe Wang's U.S.
Patent No. 4,751,669 ("the '669 Patent") because: 1) HTML is not
Videotex as defined by the '669 patent; 2) web servers are not central
suppliers; and 3) Navigator does not "connect," as defined by the '669
Patent, to web servers on the Internet. Wang may appeal this decision to
the Federal Circuit. Wang contended that its Patent disclosing a
"Videotex" system, is infringed by the following functionality in the
Netscape Navigator code: 1) the animated logo and status line indicators
--See Claims 1, 8 and 9; 2) the "File Save As" function --See Claims
23-27; 3) Bookmarks and Rename Bookmarks in the Properties window --See
Claims 20-22; 4) storing HTML, GIF, and JPEG files and adding filename
extensions --See Claim 38.

B) Intermind owns pending U.S. patent applications on communications
systems which employ metadata ("channel objects") to define a control
structure for information transfer. The Netscape code does not infringe
as released; however, modifications which utilize channel objects as
described by Intermind should be considered carefully. The following is
a statement from Intermind: "Intermind's claims fundamentally involve
the use of a control structure to automate communications. ...The
essence of Intermind's top claim is that two devices sender and receiver
have persistent storage, communicate over a network, and exchange a
control structure including metadata which describes: 1) what
information is to be updated, 2) when to update this information, and 3)
how to transfer the updated information. In addition, at least the
receiving device must be able to process the metadata in order to
perform the update determination and transfer. Any digital
communications system which incorporates all of these elements will be
covered by Intermind's patents." See Intermind.com.

C) Stac, Inc., and its licensing agent Hi/fn, own several patents which
disclose data compression methods implementing an LZS compression
algorithm, including U.S. Patent Nos. 4,701,745 and 5,016,009 ("the
Stac Patents"). The Netscape Communicator code does not perform
compression. If you modify the Netscape source code to perform
compression, please take notice of the Stac Patents.

D) Netscape Communications Corporation ("Netscape") does not guarantee
that any source code or executable code available from the mozilla.org
domain is Year 2000 compliant.