During the interop testing we found that if metadata root certificate BasicConstraint extension is marked as critical it is failing on majority of the servers.
I suggest adding test that checks that Root certificate BasicConstaint extension is set to FALSE.
By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.
If you have privacy concerns, please email conformance-tools@fidoalliance.org
FIRST PRE CHECK
What protocol are you implementing?
NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.
What is your implementation class?
If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org
Issue description
During the interop testing we found that if metadata root certificate BasicConstraint extension is marked as critical it is failing on majority of the servers.
I suggest adding test that checks that Root certificate BasicConstaint extension is set to FALSE.