- From: Alexei Czeskis via GitHub <sysbot+gh@w3.org>
- Date: Mon, 24 Apr 2017 19:58:10 +0000
- To: public-webauthn@w3.org
leshi has just created a new issue for https://github.com/w3c/webauthn: == Why was PR #409 (UV bit) merged? == Hi all, I really don't think this PR should have been merged. First, the corresponding PR in CTAP has not been merged or is it not a dependency? Second, I don't think this is needed. Why can't you specify what type of user presence/verification check is needed during key (credential) creation? The attestation will tell you what type of key was made by this authenticator and then subsequent signatures coming from that credential will tell you that the UV was enforced. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/424 using your GitHub account
Received on Monday, 24 April 2017 19:58:20 UTC