- From: bifurcation via GitHub <sysbot+gh@w3.org>
- Date: Fri, 04 Nov 2016 11:37:17 +0000
- To: public-webauthn@w3.org
This PR removes important functionality. Right now, it is possible for a RP to use this API without any knowledge of attestation formats (as long as it's willing to believe the browser that the key is good enough). With this PR, the RP can now only interoperate with an authenticator if it understand the attestation format produced by that authenticator, and it has to have code to process all the attestation formats on its critical path, before it can even look at the public key. Those seem like pretty serious constraints on interoperability and usability, so I'm inclined to close this PR. -- GitHub Notification of comment by bifurcation Please view or discuss this issue at https://github.com/w3c/webauthn/pull/235#issuecomment-258409900 using your GitHub account
Received on Friday, 4 November 2016 11:37:23 UTC