- From: Mike Jones via GitHub <sysbot+gh@w3.org>
- Date: Fri, 09 Feb 2018 00:30:04 +0000
- To: public-webauthn@w3.org
Actually, authenticators don't have to deal with two versions of an extension. If the generic conversion doesn't result in a syntactically legal request, they will drop it, which is fine. Also, the spec already says that extensions must be defined in such a way that the generic transform won't result in security or privacy problems. For most extensions, the generic transform result will be identical to the correct result - by design. That's what makes the generic transform useful and worth specifying. If experience shows that no browser chooses to do this between CR and the final specification, then we can drop it for final. But I think it should be defined for CR so that the option is present for browser vendors to evaluate. -- GitHub Notification of comment by selfissued Please view or discuss this issue at https://github.com/w3c/webauthn/pull/789#issuecomment-364295748 using your GitHub account
Received on Friday, 9 February 2018 00:30:07 UTC