The rationale was to make sure that the user gets prompted by *some* authenticator in order to know that someone is trying to figure out what authenticators are present on that machine. So this don't fail but use other authenticator was intended as a privacy features as we heardprivacy complaints about a more generic authenticator discovery feature before (which it would be in the case of returning a silent error code if the preferred authenticator is not present). -- GitHub Notification of comment by rlin1 Please view or discuss this issue at https://github.com/w3c/webauthn/issues/227#issuecomment-250387022 using your GitHub accountReceived on Thursday, 29 September 2016 07:03:56 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:23 UTC