`rpId` cannot be replaced by `appId` because the RP could have provided several credentials in the allowList -- some that were registered using the legacy u2f APIs (and hence need the appid extension to override their `rpId`) and some that were registered using webauthn API (and hence need to keep their `rpId`). This needs to be fixed. Regarding "causing confusing with future extensions", I think that's a future problem. Future extensions can cause problems with *any* part of the spec (not just `rpId` processing) since extensions have no limits as to what they can do. In any case, let's not worry about future extensions here. -- GitHub Notification of comment by leshi Please view or discuss this issue at https://github.com/w3c/webauthn/issues/491#issuecomment-349427582 using your GitHub accountReceived on Tuesday, 5 December 2017 20:16:28 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:30 UTC