conorpp / u2f-zero

U2F USB token optimized for physical security, affordability, and style

Allow side-loading attestation private key to ensure identity privacy #39

Closed darconeous closed 7 years ago

darconeous commented 7 years ago

The attestation certificate and associated private key are only intended to be used to allow a service to determine if a given U2F token has been manufactured to known and trusted specifications. This certificate is specified by the U2F specification to be unique to "batches" of devices, not individual devices¹.

The attestation private key and certificate are not intended to be unique per device for a very important reason: Services can (and likely do) store at least some part of the attestation certificate at token registration. If unique, it would allow colluding services to identify when the same physical key is being used for different accounts on different services.

By making the attestation certificates unique to production batches instead of individual devices, hundreds or thousands of devices should have the same attestation certificate. This reduces the ability for services to collude to identify accounts which share a physical token.


¹ Tokens issued by private companies for internal use have different needs from individual consumers and often want unique attestation keys and certificates per-device for tracking purposes. For those applications, the current capability is great. However, consumer purchased tokens should have non-unique attestation certificates, and there is currently no way to accommodate this with the current codebase.
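As an added illustration of the linkage argument in the comment above (not code from this issue or from the u2f-zero project): a small Python simulation in which every token registers on two services, each service stores only the attestation certificate fingerprint, and the two services then compare their records. The fingerprints, account names and batch layout are constructed for the example.

```python
import hashlib
from collections import defaultdict


def attestation_fingerprint(device_index, batch_size):
    """Constructed stand-in for the attestation certificate a token presents at
    registration: one value per batch of `batch_size` devices (batch_size=1
    models per-device certificates). Not a real U2F certificate."""
    batch = device_index // batch_size
    return hashlib.sha256(f"batch-{batch}".encode()).hexdigest()[:16]


def register_everywhere(n_devices, batch_size):
    """Each token registers on two services under unrelated account names; each
    service keeps only the attestation fingerprint, as the comment notes services
    may do."""
    db = {"service_a": {}, "service_b": {}}
    for i in range(n_devices):
        fp = attestation_fingerprint(i, batch_size)
        db["service_a"][f"alice{i}"] = fp
        db["service_b"][f"bob{i}"] = fp
    return db


def candidate_links(db):
    """What two colluding services can infer from stored fingerprints: for each
    account on service_a, the service_b accounts whose fingerprint matches."""
    by_fp = defaultdict(list)
    for acct, fp in db["service_b"].items():
        by_fp[fp].append(acct)
    return {acct: by_fp[fp] for acct, fp in db["service_a"].items()}


def smallest_anonymity_set(n_devices, batch_size):
    """Size of the smallest candidate set. 1 means a physical token is linked
    uniquely across the two services; a batch certificate shared by N devices
    hides each token among N candidates."""
    links = candidate_links(register_everywhere(n_devices, batch_size))
    return min(len(c) for c in links.values())


if __name__ == "__main__":
    for bs in (1, 100, 1000):
        size = smallest_anonymity_set(1000, bs)
        print(f"batch size {bs:5d}: smallest anonymity set = {size}")
```

With per-device certificates every account pair is linked exactly; with batch certificates a match only narrows the token down to the whole batch, which is the privacy property the comment asks for.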

conorpp commented 7 years ago

Thanks, this is now supported. If anyone wants a new token, please email me your mailing address.