Observe the PAYLOAD section for the nextUpdate value of the decoded MDS3 blob. All of the MDS3 blobs from all the URLs are having a nextUpdate value of 2025-00-17. However, according to the MDS3 blob spec, the nextUpdate is a DOMString whose value is a ISO-8601 formatted date when the next update will be provided at latest. , and according to ISO-8601, the month numbers should be from 01 to 12. So the having 00 as the month value is non-compliant.
e.g. from https://mds3.fido.tools/execute/c2f37148764c98bec9d1c1ded96dd988100d7ec6cffdce36309dfa77ee76cb55, the decoded payload looks like this
{
"legalHeader": "By using this test metadata service, you are solemly swear not to do evil!",
"no": 42,
"nextUpdate": "2025-00-17",
"entries": [
{
"metadataStatement": {
"aaguid": "cee19cfd-1a44-4392-8f22-cdd3fbc05766",
"alternativeDescriptions": {
"ru-RU": "Виртуальный Secp256R1 CTAP2 аутентификатор для тестирование серверов на соответсвие спецификации FIDO2 cee19cfd-1a44-4392-8f22-cdd3fbc05766"
},
"attachmentHint": [
"external",
"wired",
"wireless",
"nfc"
],
"attestationRootCertificates": [
...
...
Certain MDS3 blob parsers will validate the value of nextUpdate and check whether it contains a ISO-8601 date format.
Please help to resolve the non-conformingnextUpdate value.
By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.
If you have privacy concerns, please email conformance-tools@fidoalliance.org
FIRST PRE CHECK
What protocol are you implementing?
NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.
What is your implementation class?
If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org
What is the version of the tool are you using?
1.7.17
What is the OS and the version are you running?
For desktop tools
For UAF mobile tools
Issue description
https://fido2-server.xyz
as the value for for the Server endpointnextUpdate
value of the decoded MDS3 blob. All of the MDS3 blobs from all the URLs are having anextUpdate
value of 2025-00-17. However, according to the MDS3 blob spec, the nextUpdate is aDOMString
whose value is a ISO-8601 formatted date when the next update will be provided at latest. , and according to ISO-8601, the month numbers should be from 01 to 12. So the having 00 as the month value is non-compliant. e.g. from https://mds3.fido.tools/execute/c2f37148764c98bec9d1c1ded96dd988100d7ec6cffdce36309dfa77ee76cb55, the decoded payload looks like thisCertain MDS3 blob parsers will validate the value of nextUpdate and check whether it contains a ISO-8601 date format. Please help to resolve the non-conforming
nextUpdate
value.