This PR removes important functionality. Right now, it is possible for a RP to use this API without any knowledge of attestation formats (as long as it's willing to believe the browser that the key is good enough). With this PR, the RP can now only interoperate with an authenticator if it understand the attestation format produced by that authenticator, and it has to have code to process all the attestation formats on its critical path, before it can even look at the public key. Those seem like pretty serious constraints on interoperability and usability, so I'm inclined to close this PR. -- GitHub Notification of comment by bifurcation Please view or discuss this issue at https://github.com/w3c/webauthn/pull/235#issuecomment-258409900 using your GitHub accountReceived on Friday, 4 November 2016 11:37:23 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC