the binding between realm and platform tokens is not checked

Question

the binding between realm and platform tokens is not checked

Closed this issue 2 years ago · 0 comments

Currently, we don't check the binding between realm and platform tokens. As part of verification API we should make sure that the nonce in the platform token is the hash of raw public key found in the realm token (using the specified hash algorithm).